File: kses.php
$working = 1;
$mode = 0;
$attr = preg_replace( "%^[^\s\"']+(\s+|$)%", '', $attr );
}
break;
} // End switch.
if ( 0 === $working ) { // Not well-formed, remove and try again.
$attr = wp_kses_html_error( $attr );
$mode = 0;
}
} // End while.
if ( 1 === $mode && false === array_key_exists( $attrname, $attrarr ) ) {
/*
* Special case, for when the attribute list ends with a valueless
* attribute like "selected".
*/
$attrarr[ $attrname ] = array(
'name' => $attrname,
'value' => '',
'whole' => $attrname,
'vless' => 'y',
);
}
return $attrarr;
}
/**
 * Splits an opening HTML element into its tag opening, attributes and closing part.
 *
 * Does not modify input and does not filter anything: the returned pieces,
 * concatenated, reproduce the element as given, so the output may still be
 * "evil" and must be sanitized by the caller before use.
 *
 * Based on `wp_kses_split2()` and `wp_kses_attr()`.
 *
 * @since 4.2.3
 *
 * @param string $element HTML element.
 * @return array|false List of attributes found in the element, preceded by the
 *                     tag opening and followed by the closing part. Returns
 *                     false on failure, including for closing elements.
 */
function wp_kses_attr_parse( $element ) {
	$pattern = '%^(<\s*)(/\s*)?([a-zA-Z0-9]+\s*)([^>]*)(>?)$%';
	if ( 1 !== preg_match( $pattern, $element, $parts ) ) {
		return false;
	}

	list( , $begin, $slash, $elname, $attr, $end ) = $parts;

	// Closing elements do not get parsed.
	if ( '' !== $slash ) {
		return false;
	}

	// Detach a closing XHTML slash from the end of the attributes, if there is one.
	$xhtml_slash = '';
	if ( 1 === preg_match( '%\s*/\s*$%', $attr, $tail ) ) {
		$xhtml_slash = $tail[0];
		$attr        = substr( $attr, 0, -strlen( $xhtml_slash ) );
	}

	// Split the attribute string; malformed input is rejected rather than repaired.
	$attrarr = wp_kses_hair_parse( $attr );
	if ( false === $attrarr ) {
		return false;
	}

	// Make sure all input is returned by adding front and back matter.
	array_unshift( $attrarr, $begin . $slash . $elname );
	$attrarr[] = $xhtml_slash . $end;

	return $attrarr;
}

/**
 * Builds an attribute list from a string containing attributes.
 *
 * Does not modify input. May return "evil" output: this is a tokenizer, not a
 * filter, and every returned attribute still has to be checked by the caller.
 * In case of unexpected input, returns false instead of stripping things.
 *
 * Based on `wp_kses_hair()` but does not return a multi-dimensional array.
 *
 * @since 4.2.3
 *
 * @param string $attr Attribute list from HTML element to closing HTML element tag.
 * @return array|false List of attributes found in $attr. Returns false on failure.
 */
function wp_kses_hair_parse( $attr ) {
	if ( '' === $attr ) {
		return array();
	}

	$regex =
		'(?:
				[_a-zA-Z][-_a-zA-Z0-9:.]* # Attribute name.
			|
				\[\[?[^\[\]]+\]\]?        # Shortcode in the name position implies unfiltered_html.
		)
		(?:                               # Attribute value.
			\s*=\s*                       # All values begin with "=".
			(?:
				"[^"]*"                   # Double-quoted.
			|
				\'[^\']*\'                # Single-quoted.
			|
				[^\s"\']+                 # Non-quoted.
				(?:\s|$)                  # Must have a space.
			)
		|
			(?:\s|$)                      # If attribute has no value, space is required.
		)
		\s*                               # Trailing space is optional except as mentioned above.
		';

	/*
	 * Although it is possible to reduce this procedure to a single regexp,
	 * we must run that regexp twice to get exactly the expected result.
	 *
	 * Note: do NOT remove the `x` modifiers as they are essential for the above regex!
	 */
	$validation = "/^($regex)+$/x";
	$extraction = "/$regex/x";

	// The whole string must be made of well-formed attributes, otherwise nothing is returned.
	if ( 1 !== preg_match( $validation, $attr ) ) {
		return false;
	}

	preg_match_all( $extraction, $attr, $found );

	return $found[0];
}

/**
 * Performs different checks for attribute values.
 *
 * The implemented checks are "maxlen", "minlen", "maxval", "minval",
 * "valueless", "values" and "value_callback". The check name is compared
 * case-insensitively.
 *
 * A check name that is not one of the above is not an error: no check runs
 * and the function returns true, so a misspelled check name lets every value
 * through.
 *
 * @since 1.0.0
 *
 * @param string $value      Attribute value.
 * @param string $vless      Whether the attribute is valueless. Use 'y' or 'n'.
 * @param string $checkname  What $checkvalue is checking for.
 * @param mixed  $checkvalue What constraint the value should pass.
 * @return bool Whether check passes.
 */
function wp_kses_check_attr_val( $value, $vless, $checkname, $checkvalue ) {
	// Used by "maxval" and "minval": 1 to 6 digits with at most 6 whitespace characters on either side.
	$bounded_integer = '/^\s{0,6}[0-9]{1,6}\s{0,6}$/';

	switch ( strtolower( $checkname ) ) {
		case 'maxlen':
			/*
			 * The maxlen check makes sure that the attribute value has a length not
			 * greater than the given value. This can be used to avoid Buffer Overflows
			 * in WWW clients and various Internet servers.
			 */
			return ! ( strlen( $value ) > $checkvalue );

		case 'minlen':
			/*
			 * The minlen check makes sure that the attribute value has a length not
			 * smaller than the given value.
			 */
			return ! ( strlen( $value ) < $checkvalue );

		case 'maxval':
			/*
			 * The maxval check does two things: it checks that the attribute value is
			 * an integer from 0 and up, without an excessive amount of zeroes or
			 * whitespace (to avoid Buffer Overflows). It also checks that the attribute
			 * value is not greater than the given value.
			 * This check can be used to avoid Denial of Service attacks.
			 */
			$well_formed = (bool) preg_match( $bounded_integer, $value );
			$in_range    = ! ( $value > $checkvalue );

			return $well_formed && $in_range;

		case 'minval':
			/*
			 * The minval check makes sure that the attribute value is a positive integer,
			 * and that it is not smaller than the given value.
			 */
			$well_formed = (bool) preg_match( $bounded_integer, $value );
			$in_range    = ! ( $value < $checkvalue );

			return $well_formed && $in_range;

		case 'valueless':
			/*
			 * The valueless check makes sure if the attribute has a value
			 * (like `<a href="blah">`) or not (`<option selected>`). If the given value
			 * is a "y" or a "Y", the attribute must not have a value.
			 * If the given value is an "n" or an "N", the attribute must have a value.
			 */
			return strtolower( $checkvalue ) === $vless;

		case 'values':
			/*
			 * The values check is used when you want to make sure that the attribute
			 * has one of the given values. The value is lowercased before the strict
			 * lookup, so the given values have to be lowercase strings to match.
			 */
			return in_array( strtolower( $value ), $checkvalue, true );

		case 'value_callback':
			/*
			 * The value_callback check is used when you want to make sure that the attribute
			 * value is accepted by the callback function.
			 */
			return (bool) call_user_func( $checkvalue, $value );
	}

	// Unrecognized check names pass.
	return true;
}

/**
 * Sanitizes a string and removes disallowed URL protocols.
 *
 * This function removes all non-allowed protocols from the beginning of the
 * string. It ignores whitespace and the case of the letters, and it does
 * understand HTML entities. The filtering pass is repeated until the string
 * stops changing, so it won't be fooled by a string like
 * `javascript:javascript:alert(57)`. At most six passes are made; a string
 * that is still changing after the sixth is rejected and an empty string is
 * returned.
 *
 * @since 1.0.0
 *
 * @param string   $content           Content to filter bad protocols from.
 * @param string[] $allowed_protocols Array of allowed URL protocols.
 * @return string Filtered content.
 */
function wp_kses_bad_protocol( $content, $allowed_protocols ) {
	$content = wp_kses_no_null( $content );

	// Short-circuit if the string starts with `https://` or `http://`. Most common cases.
	foreach ( array( 'https', 'http' ) as $common_scheme ) {
		if ( str_starts_with( $content, $common_scheme . '://' ) && in_array( $common_scheme, $allowed_protocols, true ) ) {
			return $content;
		}
	}

	$passes = 0;

	while ( true ) {
		$before  = $content;
		$content = wp_kses_bad_protocol_once( $content, $allowed_protocols );

		// Stable result: nothing left to strip.
		if ( $before === $content ) {
			return $content;
		}

		// Still changing after the last permitted pass: return nothing.
		if ( ++$passes >= 6 ) {
			return '';
		}
	}
}

/**
 * Removes any invalid control characters in a text string.
 *
 * The bytes 0x00-0x08, 0x0B, 0x0C and 0x0E-0x1F are removed; tab, line feed
 * and carriage return are kept. Also removes any instance of the `\0` string
 * (one or more backslashes followed by one or more zeroes) unless told to
 * keep it.
 *
 * @since 1.0.0
 *
 * @param string $content Content to filter null characters from.
 * @param array  $options Set 'slash_zero' => 'keep' when '\0' is allowed. Default is 'remove'.
 * @return string Filtered content.
 */
function wp_kses_no_null( $content, $options = null ) {
	$slash_zero = $options['slash_zero'] ?? 'remove';

	$content = preg_replace( '/[\x00-\x08\x0B\x0C\x0E-\x1F]/', '', $content );

	// Only the exact value 'remove' strips the `\0` sequences.
	if ( 'remove' !== $slash_zero ) {
		return $content;
	}

	return preg_replace( '/\\\\+0+/', '', $content );
}

/**
 * Strips slashes from in front of quotes.
 *
 * This function changes the character sequence `\"` to just `"`. It leaves all other
 * slashes alone. The quoting from `preg_replace(//e)` requires this.
 *
 * @since 1.0.0
 *
 * @param string $content String to strip slashes from.
 * @return string Fixed string with quoted slashes.
 */
function wp_kses_stripslashes( $content ) {
	// A backslash immediately followed by a double quote.
	$escaped_quote = '%\\\\"%';

	return preg_replace( $escaped_quote, '"', $content );
}

/**
 * Converts the keys of an array to lowercase.
 *
 * Two levels are processed: the keys of `$inarray` and the keys of each of
 * its values. Anything nested deeper is copied as is.
 *
 * @since 1.0.0
 *
 * @param array $inarray Unfiltered array.
 * @return array Fixed array with all lowercase keys.
 */
function wp_kses_array_lc( $inarray ) {
	$outarray = array();

	foreach ( (array) $inarray as $outer_key => $outer_value ) {
		$lowered = array();

		foreach ( (array) $outer_value as $inner_key => $inner_value ) {
			$lowered[ strtolower( $inner_key ) ] = $inner_value;
		}

		// A later key that lowercases to the same name replaces the earlier entry.
		$outarray[ strtolower( $outer_key ) ] = $lowered;
	}

	return $outarray;
}

/**
 * Handles parsing errors in `wp_kses_hair()`.
 *
 * The general plan is to remove everything to and including some whitespace,
 * but it deals with quotes and apostrophes as well: a quoted run is skipped
 * as a whole, even when its closing quote is missing.
 *
 * @since 1.0.0
 *
 * @param string $attr Attribute string that failed to parse.
 * @return string The remainder of $attr after the malformed leading part.
 */
function wp_kses_html_error( $attr ) {
	// Leading quoted strings and non-space characters, then the whitespace after them.
	$malformed_head = '/^("[^"]*("|$)|\'[^\']*(\'|$)|\S)*\s*/';

	return preg_replace( $malformed_head, '', $attr );
}

/**
 * Sanitizes content from bad protocols and other characters.
 *
 * This function searches for URL protocols at the beginning of the string, while
 * handling whitespace and HTML entities. The string is split at the first
 * colon, whether literal or written as `&#58;`, `&#x3a;` or `&colon;`; the
 * part before it is checked as a protocol unless it contains `/?`.
 *
 * @since 1.0.0
 *
 * @param string   $content           Content to check for bad protocols.
 * @param string[] $allowed_protocols Array of allowed URL protocols.
 * @param int      $count             Depth of call recursion to this function.
 * @return string Sanitized content.
 */
function wp_kses_bad_protocol_once( $content, $allowed_protocols, $count = 1 ) {
	// Terminate numeric colon entities that lack their semicolon so the split below sees them.
	$content = preg_replace( '/(&#0*58(?![;0-9])|&#x0*3a(?![;a-f0-9]))/i', '$1;', $content );
	$pieces  = preg_split( '/:|&#0*58;|&#x0*3a;|&colon;/i', $content, 2 );

	// No colon, or a `/?` before the colon: nothing is treated as a protocol.
	if ( ! isset( $pieces[1] ) || preg_match( '%/\?%', $pieces[0] ) ) {
		return $content;
	}

	$content  = trim( $pieces[1] );
	$protocol = wp_kses_bad_protocol_once2( $pieces[0], $allowed_protocols );

	if ( 'feed:' === $protocol ) {
		// `feed:` may wrap another protocol; the nesting depth is limited.
		if ( $count > 2 ) {
			return '';
		}

		$content = wp_kses_bad_protocol_once( $content, $allowed_protocols, ++$count );
		if ( empty( $content ) ) {
			return $content;
		}
	}

	return $protocol . $content;
}

/**
 * Callback for `wp_kses_bad_protocol_once()` regular expression.
 *
 * This function processes URL protocols, checks to see if they're in the
 * list of allowed protocols or not, and returns different data depending
 * on the answer. Before the comparison the scheme has its entities decoded,
 * its whitespace and control characters removed, and is lowercased.
 *
 * @access private
 * @ignore
 * @since 1.0.0
 *
 * @param string   $scheme            URI scheme to check against the list of allowed protocols.
 * @param string[] $allowed_protocols Array of allowed URL protocols.
 * @return string The normalized scheme followed by a colon when it is allowed,
 *                an empty string otherwise.
 */
function wp_kses_bad_protocol_once2( $scheme, $allowed_protocols ) {
	$scheme = wp_kses_decode_entities( $scheme );
	$scheme = preg_replace( '/\s/', '', $scheme );
	$scheme = wp_kses_no_null( $scheme );
	$scheme = strtolower( $scheme );

	foreach ( (array) $allowed_protocols as $candidate ) {
		if ( strtolower( $candidate ) === $scheme ) {
			return "$scheme:";
		}
	}

	// Not in the list: the protocol is dropped.
	return '';
}

/**
 * Converts and fixes HTML entities.
 *
 * This function normalizes HTML entities. It will convert `AT&T` to the correct
 * `AT&amp;T`, `&#00058;` to `&#058;`, `&#XYZZY;` to `&amp;#XYZZY;` and so on.
 *
 * When `$context` is set to 'xml', HTML entities are converted to their code points. For
 * example, `AT&T&hellip;&#XYZZY;` is converted to `AT&amp;T…&amp;#XYZZY;`.
 *
 * Every `&` is escaped first; only entities accepted by the callbacks are
 * restored afterwards.
 *
 * @since 1.0.0
 * @since 5.5.0 Added `$context` parameter.
 *
 * @param string $content Content to normalize entities.
 * @param string $context Context for normalization. Can be either 'html' or 'xml'.
 *                        Default 'html'.
 * @return string Content with normalized entities.
 */
function wp_kses_normalize_entities( $content, $context = 'html' ) {
	// Disarm all entities by converting & to &amp;
	$content = str_replace( '&', '&amp;', $content );

	// Change back the allowed entities in our list of allowed entities.
	$named_callback = ( 'xml' === $context ) ? 'wp_kses_xml_named_entities' : 'wp_kses_named_entities';

	$content = preg_replace_callback( '/&amp;([A-Za-z]{2,8}[0-9]{0,2});/', $named_callback, $content );
	$content = preg_replace_callback( '/&amp;#(0*[0-9]{1,7});/', 'wp_kses_normalize_entities2', $content );

	return preg_replace_callback( '/&amp;#[Xx](0*[0-9A-Fa-f]{1,6});/', 'wp_kses_normalize_entities3', $content );
}

/**
 * Callback for `wp_kses_normalize_entities()` regular expression.
 *
 * This function only accepts valid named entity references, which are finite,
 * case-sensitive, and highly scrutinized by HTML and XML validators. A name
 * that is not in the list stays escaped as `&amp;name;`.
 *
 * @since 3.0.0
 *
 * @global array $allowedentitynames
 *
 * @param array $matches preg_replace_callback() matches array.
 * @return string Correctly encoded entity.
 */
function wp_kses_named_entities( $matches ) {
	global $allowedentitynames;

	if ( empty( $matches[1] ) ) {
		return '';
	}

	$entity_name = $matches[1];

	// Strict, case-sensitive lookup in the list of allowed names.
	if ( in_array( $entity_name, $allowedentitynames, true ) ) {
		return "&$entity_name;";
	}

	return "&amp;$entity_name;";
}

/**
* Callback for `wp_kses_normalize_entities()` regular expression.
*
* This function only accepts valid named entity references, which are finite,
* case-sensitive, and highly scrutinized by XML validators. HTML named entity
* references are converted to their code points.