: str_replace(): Passing null to parameter #2 ($replace) of type array|string is deprecated in
if ( str_contains( $content, '' ) ) {
$content = strtr( $content, $wp_htmltranswinuni );
* Balances tags if forced to, or if the 'use_balanceTags' option is set to true.
* @param string $text Text to be balanced
* @param bool $force If true, forces balancing, ignoring the value of the option. Default false.
* @return string Balanced text
function balanceTags( $text, $force = false ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionNameInvalid
if ( $force || (int) get_option( 'use_balanceTags' ) === 1 ) {
return force_balance_tags( $text );
* Balances tags of string using a modified stack.
* @since 5.3.0 Improve accuracy and add support for custom element tags.
* @author Leonard Lin <leonard@acm.org>
* @copyright November 4, 2001
* @todo Make better - change loop condition to $text in 1.2
* @internal Modified by Scott Reilly (coffee2code) 02 Aug 2004
* 1.1 Fixed handling of append/stack pop order of end text
* @param string $text Text to be balanced.
* @return string Balanced text.
function force_balance_tags( $text ) {
// Known single-entity/self-closing tags.
$single_tags = array( 'area', 'base', 'basefont', 'br', 'col', 'command', 'embed', 'frame', 'hr', 'img', 'input', 'isindex', 'link', 'meta', 'param', 'source', 'track', 'wbr' );
// Tags that can be immediately nested within themselves.
$nestable_tags = array( 'article', 'aside', 'blockquote', 'details', 'div', 'figure', 'object', 'q', 'section', 'span' );
// WP bug fix for comments - in case you REALLY meant to type '< !--'.
$text = str_replace( '< !--', '< !--', $text );
// WP bug fix for LOVE <3 (and other situations with '<' before a number).
$text = preg_replace( '#<([0-9]{1})#', '<$1', $text );
* Matches supported tags.
* To get the pattern as a string without the comments paste into a PHP
* @see https://html.spec.whatwg.org/#elements-2
* @see https://html.spec.whatwg.org/multipage/custom-elements.html#valid-custom-element-name
* php > $s = [paste copied contents of expression below including parentheses];
'#<' . // Start with an opening bracket.
'(/?)' . // Group 1 - If it's a closing tag it'll have a leading slash.
'(' . // Group 2 - Tag name.
// Custom element tags have more lenient rules than HTML tag names.
'(?:[a-z](?:[a-z0-9._]*)-(?:[a-z0-9._-]+)+)' .
// Traditional tag rules approximate HTML tag names.
// We either immediately close the tag with its '>' and have nothing here.
'(/?)' . // Group 3 - "attributes" for empty tag.
// Or we must start with space characters to separate the tag name from the attributes (or whitespace).
'(\s+)' . // Group 4 - Pre-attribute whitespace.
'([^>]*)' . // Group 5 - Attributes.
'>#' // End with a closing bracket.
while ( preg_match( $tag_pattern, $text, $regex ) ) {
$has_leading_slash = ! empty( $regex[1] );
$tag = strtolower( $tag_name );
$is_single_tag = in_array( $tag, $single_tags, true );
$pre_attribute_ws = isset( $regex[4] ) ? $regex[4] : '';
$attributes = trim( isset( $regex[5] ) ? $regex[5] : $regex[3] );
$has_self_closer = str_ends_with( $attributes, '/' );
$i = strpos( $text, $full_match );
$l = strlen( $full_match );
if ( $has_leading_slash ) { // End tag.
// If too many closing tags.
// Or close to be safe $tag = '/' . $tag.
// If stacktop value = tag close value, then pop.
} elseif ( $tagstack[ $stacksize - 1 ] === $tag ) { // Found closing tag.
$tag = '</' . $tag . '>'; // Close tag.
} else { // Closing tag not at top, search for it.
for ( $j = $stacksize - 1; $j >= 0; $j-- ) {
if ( $tagstack[ $j ] === $tag ) {
for ( $k = $stacksize - 1; $k >= $j; $k-- ) {
$tagqueue .= '</' . array_pop( $tagstack ) . '>';
if ( $has_self_closer ) {
* If it presents itself as a self-closing tag, but it isn't a known single-entity self-closing tag,
* then don't let it be treated as such and immediately close it with a closing tag.
* The tag will encapsulate no text as a result.
if ( ! $is_single_tag ) {
$attributes = trim( substr( $attributes, 0, -1 ) ) . "></$tag";
} elseif ( $is_single_tag ) {
// Else if it's a known single-entity tag but it doesn't close itself, do so.
* It's not a single-entity tag.
* If the top of the stack is the same as the tag we want to push, close previous tag.
if ( $stacksize > 0 && ! in_array( $tag, $nestable_tags, true ) && $tagstack[ $stacksize - 1 ] === $tag ) {
$tagqueue = '</' . array_pop( $tagstack ) . '>';
$stacksize = array_push( $tagstack, $tag );
if ( $has_self_closer && $is_single_tag ) {
// We need some space - avoid <br/> and prefer <br />.
$tag = '<' . $tag . $pre_attribute_ws . $attributes . '>';
// If already queuing a close tag, then put this tag on too.
if ( ! empty( $tagqueue ) ) {
$newtext .= substr( $text, 0, $i ) . $tag;
$text = substr( $text, $i + $l );
while ( $x = array_pop( $tagstack ) ) {
$newtext .= '</' . $x . '>'; // Add remaining tags to close.
// WP fix for the bug with HTML comments.
$newtext = str_replace( '< !--', '<!--', $newtext );
$newtext = str_replace( '< !--', '< !--', $newtext );
* Acts on text which is about to be edited.
* The $content is run through esc_textarea(), which uses htmlspecialchars()
* to convert special characters to HTML entities. If `$richedit` is set to true,
* it is simply a holder for the {@see 'format_to_edit'} filter.
* @since 4.4.0 The `$richedit` parameter was renamed to `$rich_text` for clarity.
* @param string $content The text about to be edited.
* @param bool $rich_text Optional. Whether `$content` should be considered rich text,
* in which case it would not be passed through esc_textarea().
* @return string The text after the filter (and possibly htmlspecialchars()) has been run.
function format_to_edit( $content, $rich_text = false ) {
* Filters the text to be formatted for editing.
* @param string $content The text, prior to formatting for editing.
$content = apply_filters( 'format_to_edit', $content );
$content = esc_textarea( $content );
* Add leading zeros when necessary.
* If you set the threshold to '4' and the number is '10', then you will get
* back '0010'. If you set the threshold to '4' and the number is '5000', then you
* Uses sprintf to append the amount of zeros based on the $threshold parameter
* and the size of the number. If the number is large enough, then no zeros will
* @param int $number Number to append zeros to if not greater than threshold.
* @param int $threshold Digit places number needs to be to not have zeros added.
* @return string Adds leading zeros to number if needed.
function zeroise( $number, $threshold ) {
return sprintf( '%0' . $threshold . 's', $number );
* Adds backslashes before letters and before a number at the start of a string.
* @param string $value Value to which backslashes will be added.
* @return string String with backslashes inserted.
function backslashit( $value ) {
if ( isset( $value[0] ) && $value[0] >= '0' && $value[0] <= '9' ) {
$value = '\\\\' . $value;
return addcslashes( $value, 'A..Za..z' );
* Appends a trailing slash.
* Will remove trailing forward and backslashes if it exists already before adding
* a trailing forward slash. This prevents double slashing a string or path.
* The primary use of this is for paths and thus should be used for paths. It is
* not restricted to paths and offers no specific path support.
* @param string $value Value to which trailing slash will be added.
* @return string String with trailing slash added.
function trailingslashit( $value ) {
return untrailingslashit( $value ) . '/';
* Removes trailing forward slashes and backslashes if they exist.
* The primary use of this is for paths and thus should be used for paths. It is
* not restricted to paths and offers no specific path support.
* @param string $text Value from which trailing slashes will be removed.
* @return string String without the trailing slashes.
function untrailingslashit( $value ) {
return rtrim( $value, '/\\' );
* Adds slashes to a string or recursively adds slashes to strings within an array.
* @param string|array $gpc String or array of data to slash.
* @return string|array Slashed `$gpc`.
function addslashes_gpc( $gpc ) {
* Navigates through an array, object, or scalar, and removes slashes from the values.
* @param mixed $value The value to be stripped.
* @return mixed Stripped value.
function stripslashes_deep( $value ) {
return map_deep( $value, 'stripslashes_from_strings_only' );
* Callback function for `stripslashes_deep()` which strips slashes from strings.
* @param mixed $value The array or string to be stripped.
* @return mixed The stripped value.
function stripslashes_from_strings_only( $value ) {
return is_string( $value ) ? stripslashes( $value ) : $value;
* Navigates through an array, object, or scalar, and encodes the values to be used in a URL.
* @param mixed $value The array or string to be encoded.
* @return mixed The encoded value.
function urlencode_deep( $value ) {
return map_deep( $value, 'urlencode' );
* Navigates through an array, object, or scalar, and raw-encodes the values to be used in a URL.
* @param mixed $value The array or string to be encoded.
* @return mixed The encoded value.
function rawurlencode_deep( $value ) {
return map_deep( $value, 'rawurlencode' );
* Navigates through an array, object, or scalar, and decodes URL-encoded values
* @param mixed $value The array or string to be decoded.
* @return mixed The decoded value.
function urldecode_deep( $value ) {
return map_deep( $value, 'urldecode' );
* Converts email addresses characters to HTML entities to block spam bots.
* @param string $email_address Email address.
* @param int $hex_encoding Optional. Set to 1 to enable hex encoding.
* @return string Converted email address.
function antispambot( $email_address, $hex_encoding = 0 ) {
$email_no_spam_address = '';
for ( $i = 0, $len = strlen( $email_address ); $i < $len; $i++ ) {
$j = rand( 0, 1 + $hex_encoding );
$email_no_spam_address .= '&#' . ord( $email_address[ $i ] ) . ';';
$email_no_spam_address .= $email_address[ $i ];
$email_no_spam_address .= '%' . zeroise( dechex( ord( $email_address[ $i ] ) ), 2 );
return str_replace( '@', '@', $email_no_spam_address );
* Callback to convert URI match to HTML A element.
* This function was backported from 2.5.0 to 2.3.2. Regex callback for make_clickable().
* @param array $matches Single Regex Match.
* @return string HTML A element with URI address.
function _make_url_clickable_cb( $matches ) {
if ( ')' === $matches[3] && strpos( $url, '(' ) ) {
* If the trailing character is a closing parenthesis, and the URL has an opening parenthesis in it,
* add the closing parenthesis to the URL. Then we can let the parenthesis balancer do its thing below.
// Include parentheses in the URL only if paired.
while ( substr_count( $url, '(' ) < substr_count( $url, ')' ) ) {
$suffix = strrchr( $url, ')' ) . $suffix;
$url = substr( $url, 0, strrpos( $url, ')' ) );
$rel_attr = _make_clickable_rel_attr( $url );
return $matches[1] . "<a href=\"{$url}\"{$rel_attr}>{$url}</a>" . $suffix;
* Callback to convert URL match to HTML A element.
* This function was backported from 2.5.0 to 2.3.2. Regex callback for make_clickable().
* @param array $matches Single Regex Match.
* @return string HTML A element with URL address.
function _make_web_ftp_clickable_cb( $matches ) {
$dest = 'http://' . $dest;
// Removed trailing [.,;:)] from URL.
$last_char = substr( $dest, -1 );
if ( in_array( $last_char, array( '.', ',', ';', ':', ')' ), true ) === true ) {
$dest = substr( $dest, 0, strlen( $dest ) - 1 );
$dest = esc_url( $dest );
$rel_attr = _make_clickable_rel_attr( $dest );
return $matches[1] . "<a href=\"{$dest}\"{$rel_attr}>{$dest}</a>{$ret}";
* Callback to convert email address match to HTML A element.
* This function was backported from 2.5.0 to 2.3.2. Regex callback for make_clickable().
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
