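/**
 * _wp_specialchars() must escape only the quote style it is asked for.
 *
 * The expected strings use the entity forms htmlspecialchars() produces:
 * `&#039;` for a single quote and `&quot;` for a double quote. The page had
 * these entities decoded back into bare quotes, which left the string
 * literals unbalanced; they are restored here.
 */
function test_optionally_escapes_quotes() {
    $source = "\"'hello!'\"";

    // 'single': only the apostrophes are encoded.
    $this->assertEquals('"&#039;hello!&#039;"', _wp_specialchars($source, 'single'));
    // 'double': only the double quotes are encoded.
    $this->assertEquals("&quot;'hello!'&quot;", _wp_specialchars($source, 'double'));
    // true (ENT_QUOTES): both kinds are encoded.
    $this->assertEquals('&quot;&#039;hello!&#039;&quot;', _wp_specialchars($source, true));
    // Default quote style leaves both kinds untouched.
    $this->assertEquals($source, _wp_specialchars($source));
}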
/**
 * Escape a value for embedding inside a JavaScript string literal.
 *
 * Steps, in order: HTML-encode with ENT_QUOTES, strip slashes, turn any
 * numeric entity for the apostrophe (&#39; / &#x27;, with optional leading
 * zeros) back into a quote character, drop carriage returns, backslash-escape
 * the text and rewrite newlines as the two-character sequence "\n".
 *
 * NOTE(review): the replacement written back for the apostrophe entity is a
 * double-quote character (`'"'`), whereas WordPress core's esc_js() restores
 * a single quote (`"'"`). Confirm which was intended; a raw `"` would
 * terminate a double-quoted JS string. Left unchanged here.
 *
 * @param mixed $value Value to escape.
 * @return string Escaped, trimmed text.
 */
function layers_sanitize_js($value = FALSE) {
    $escaped = _wp_specialchars($value, ENT_QUOTES);
    // Undo slashes before the entity pattern runs.
    $escaped = stripslashes($escaped);
    $escaped = preg_replace('/&#(x)?0*(?(1)27|39);?/i', '"', $escaped);
    // Carriage returns are removed outright; newlines become an escaped "\n".
    $escaped = addslashes(str_replace("\r", '', $escaped));
    $escaped = str_replace("\n", '\\n', $escaped);
    return trim($escaped);
}
/**
 * Assemble the Content-Security-Policy value from the plugin options.
 *
 * Appends `; report-uri <url>` when a report URL is configured, passes the
 * result through wp_check_invalid_utf8() and _wp_specialchars('double'),
 * and switches the header name to the Report-Only variant when enforcement
 * is turned off.
 *
 * NOTE(review): the value is HTML-entity-escaped (`"` becomes `&quot;`, and
 * `&` in the report URL would likely become `&amp;`) although it is emitted
 * as an HTTP header rather than into HTML. Confirm that escaping in this
 * context is intended.
 */
public function build_csp() {
    $policy = $this->options['content_security_policy'];
    $reportUrl = isset($this->options['csp_report_url']) ? $this->options['csp_report_url'] : '';
    if (!empty($reportUrl)) {
        $policy .= "; report-uri " . $reportUrl;
    }
    $this->csp = _wp_specialchars(wp_check_invalid_utf8($policy), 'double');
    // Report-Only policies are reported by browsers but never enforced.
    if (!$this->options['enforce_csp']) {
        $this->csp_type .= '-Report-Only';
    }
}
/**
 * (non-PHPdoc)
 * @see \GTO\Framework\Posts\PostMetabox::display()
 *
 * Renders the "Course Complete" metabox: a hidden input carrying the course's
 * `complete` data as JSON, followed by the markup for the
 * CourseCompleteController (toggle header and a CKEditor textarea bound to
 * `complete.message`).
 *
 * NOTE(review): the collapse wrapper's ng-class reads `icomplete.active`
 * while every other binding uses `complete.active`; this looks like a typo
 * but is left as found — confirm against the controller.
 *
 * @param \Ekko\Core\CoursePost $course  Post whose `complete` property is serialised.
 * @param mixed                 $metabox Metabox arguments from WordPress; unused here.
 */
public final function display($course, $metabox) {
    /* The JSON goes into a double-quoted attribute: ENT_QUOTES escapes both
       quote kinds, the trailing `true` asks _wp_specialchars() to double-encode
       entities already present in the data, and WordPress normalises the
       'UTF8' charset name to 'UTF-8' internally. */
    $complete = json_encode($course->complete);
    ?>
    <input type="hidden" name="<?php echo self::EKKO_COMPLETE; ?> " value="<?php echo _wp_specialchars($complete, ENT_QUOTES, 'UTF8', true); ?> " />
    <div class="ekko-bootstrap container-fluid">
        <div ng-controller="CourseCompleteController">
            <!-- <div class="row-fluid course-nav"> <div class="span12"> <h1 class="pull-left"><?php esc_html_e('Course Completed', \Ekko\TEXT_DOMAIN); ?> </h1> </div> </div> -->
            <div class="ekko-item">
                <div class="navbar ekko-item-yellow">
                    <div class="navbar-inner">
                        <div class="container">
                            <div class="pull-left section-toggle" title="<?php esc_attr_e('click to toggle', \Ekko\TEXT_DOMAIN); ?> " ng-click="complete.active = !complete.active">
                                <span ng-class="{'icon-chevron-right':!complete.active, 'icon-chevron-down':complete.active}"></span>
                            </div>
                            <div class="brand"><?php esc_html_e('Course Complete', \Ekko\TEXT_DOMAIN); ?> </div>
                        </div>
                    </div>
                    <div collapse="!complete.active" ng-class="{in:icomplete.active}">
                        <div class="well">
                            <textarea ck-editor="ckeditor" ng-model="complete.message"></textarea>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>
    <?php
}
/**
 * Persist this field's image-URL value while a post is being saved.
 *
 * Acts only when $val is an array carrying a non-empty `img_url`: the URL is
 * entity-escaped with _wp_specialchars(), wrapped under the field type key and
 * stored through update_post_meta(); that call's result is appended to $temp.
 *
 * NOTE(review): apart from entity escaping, `$val` is stored as submitted
 * (the original "$val not cleaned" remark). A URL that is stored and later
 * re-emitted would normally also be validated as a URL; left unchanged.
 *
 * @param array      $temp    Accumulator for update_post_meta() results (by reference).
 * @param int        $post_id Post the meta belongs to.
 * @param mixed      $val     Submitted field value.
 * @param mixed|null $oval    Previous value; not used.
 */
public function saving(&$temp, $post_id, $val, $oval = null) {
    // Guard clauses stand in for the original nested ifs; same conditions, same order.
    if (!is_array($val) || !isset($val['img_url'])) {
        return;
    }
    if ('' == $val['img_url']) {
        return;
    }
    $val['img_url'] = _wp_specialchars($val['img_url']);
    $stored = array($this->ftype => $val);
    $temp[] = update_post_meta($post_id, $this->name, $stored);
}
/**
 * (non-PHPdoc)
 * @see \GTO\Framework\Posts\PostMetabox::display()
 *
 * Renders the "Course Content" metabox: a hidden input carrying the course's
 * `lessons` data as JSON, the add-Lesson / add-Quiz buttons, and the sortable
 * list that ng-repeat fills from `lessons` (one ng-include per item type).
 *
 * @param \Ekko\Core\CoursePost $course  Post whose `lessons` property is serialised.
 * @param array|null            $metabox Metabox arguments from WordPress; unused here.
 */
public final function display($course, $metabox) {
    /* The JSON goes into a double-quoted attribute: ENT_QUOTES escapes both
       quote kinds, the trailing `true` asks _wp_specialchars() to double-encode
       entities already present in the data, and WordPress normalises the
       'UTF8' charset name to 'UTF-8' internally. */
    $lessons = json_encode($course->lessons);
    ?>
    <input type="hidden" name="<?php echo self::EKKO_LESSONS; ?> " value="<?php echo _wp_specialchars($lessons, ENT_QUOTES, 'UTF8', true); ?> " />
    <div class="ekko-bootstrap container-fluid">
        <div ng-controller="CourseController">
            <div class="row-fluid course-nav">
                <div class="span12">
                    <h1 class="pull-left"><?php esc_html_e('Course Content', \Ekko\TEXT_DOMAIN); ?> </h1>
                    <div class="pull-right ekko-content-buttons">
                        <a class="btn btn-ekko" href ng-click="addItem( $ekko.lesson() )"><i class="icon-plus icon-white"></i> <?php echo esc_html_x('Lesson', 'add lesson button', \Ekko\TEXT_DOMAIN); ?> </a>
                        <a class="btn btn-pimp" href ng-click="addItem( $ekko.quiz() )"><i class="icon-plus icon-white"></i> <?php echo esc_html_x('Quiz', 'add quiz button', \Ekko\TEXT_DOMAIN); ?> </a>
                    </div>
                </div>
            </div>
            <div class="course-items" ui-sortable="sortableOpts" ng-model="lessons">
                <div ng-repeat="item in lessons" ng-include="'ekko-' + item.type" id="{{item.id}}"></div>
            </div>
        </div>
    </div>
    <?php
}
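/**
 * Upgrade fixes for versions before DB version 4 (plugin versions before 1.3.3).
 *
 * Walks every saved form and entity-escapes (ENT_NOQUOTES) the values that
 * are compared against, or rendered for, choice elements: conditional
 * recipient values bound to a radio element, logic-rule values bound to a
 * checkbox/radio element, group titles and descriptions, and the option
 * labels/values of radio and checkbox elements. Each form is written back
 * with iphorm_save_form().
 *
 * Fix: every by-reference foreach now unset()s its loop variable afterwards.
 * Without that, the variable keeps pointing at the last element, and a later
 * plain assignment to it would silently overwrite that element.
 */
function iphorm_upgrade_4() {
    $forms = iphorm_get_all_forms();
    foreach ($forms as $form) {
        if (isset($form['conditional_recipients'])) {
            foreach ($form['conditional_recipients'] as &$recipient) {
                $crElement = iphorm_get_element_config($recipient['element'], $form);
                if ($crElement['type'] == 'radio') {
                    $recipient['value'] = _wp_specialchars($recipient['value'], ENT_NOQUOTES);
                }
            }
            unset($recipient);
        }
        foreach ($form['elements'] as &$element) {
            // Go through the logic rules and escape the value if the element that the rule is referring to is a checkbox or radio element
            if (isset($element['logic_rules']) && is_array($element['logic_rules'])) {
                foreach ($element['logic_rules'] as &$logicRule) {
                    $lrElement = iphorm_get_element_config($logicRule['element_id'], $form);
                    if (in_array($lrElement['type'], array('checkbox', 'radio'))) {
                        $logicRule['value'] = _wp_specialchars($logicRule['value'], ENT_NOQUOTES);
                    }
                }
                unset($logicRule);
            }
            if ($element['type'] == 'groupstart') {
                // Escape Group title and description
                $element['title'] = _wp_specialchars($element['title'], ENT_NOQUOTES);
                $element['description'] = _wp_specialchars($element['description'], ENT_NOQUOTES);
            } elseif (in_array($element['type'], array('radio', 'checkbox'))) {
                // Escape options labels and values for radio and checkbox elements
                foreach ($element['options'] as &$option) {
                    $option['label'] = _wp_specialchars($option['label'], ENT_NOQUOTES);
                    $option['value'] = _wp_specialchars($option['value'], ENT_NOQUOTES);
                }
                unset($option);
            }
        }
        unset($element);
        iphorm_save_form($form);
    }
}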
/**
 * Parse search criteria for an entries search.
 *
 * array(
 *   'search_field'       => 1,          // ID of the field
 *   'search_value'       => '',         // Value of the field to search
 *   'search_operator'    => 'contains', // 'is', 'isnot', '>', '<', 'contains'
 *   'show_only_approved' => 0 or 1      // Boolean
 * )
 *
 * The search value is passed through _wp_specialchars() before it becomes a
 * filter value — presumably to match how the stored entry values are encoded;
 * confirm against the Gravity Forms storage format.
 *
 * @param array $args    Array of args
 * @param int   $form_id Gravity Forms form ID
 * @return array Search parameters in Gravity Forms form: a `status` key
 *               (default "active") and a `field_filters` array whose items
 *               carry `key`, `value` and `operator`.
 */
public static function get_search_criteria($args, $form_id) {
    /**
     * @filter `gravityview_fe_search_criteria` Modify the search criteria
     * @see GravityView_Widget_Search::filter_entries Adds the default search criteria
     * @param array $search_criteria Empty `field_filters` key
     * @param int $form_id ID of the Gravity Forms form that is being searched
     */
    $criteria = apply_filters('gravityview_fe_search_criteria', array('field_filters' => array()), $form_id);
    $untouched = $criteria;
    do_action('gravityview_log_debug', '[get_search_criteria] Search Criteria after hook gravityview_fe_search_criteria: ', $criteria);

    // Implicit search from the search_value argument
    if (!empty($args['search_value'])) {
        // Operator falls back to `contains` unless one of the known values was given
        $known_operators = array('is', 'isnot', '>', '<', 'contains');
        $operator = 'contains';
        if (!empty($args['search_operator']) && in_array($args['search_operator'], $known_operators)) {
            $operator = $args['search_operator'];
        }
        $criteria['field_filters'][] = array(
            'key' => rgget('search_field', $args),
            'value' => _wp_specialchars($args['search_value']),
            'operator' => $operator,
        );
    }
    if ($criteria !== $untouched) {
        do_action('gravityview_log_debug', '[get_search_criteria] Search Criteria after implicity search: ', $criteria);
    }

    // Handle setting date range
    $criteria = self::process_search_dates($args, $criteria);
    if ($criteria !== $untouched) {
        do_action('gravityview_log_debug', '[get_search_criteria] Search Criteria after date params: ', $criteria);
    }

    // Remove not-approved entries
    $criteria = self::process_search_only_approved($args, $criteria);

    /**
     * @filter `gravityview_status` Modify entry status requirements to be included in search results.
     * @param string $status Default: `active`. Accepts all Gravity Forms entry statuses, including `spam` and `trash`
     */
    $criteria['status'] = apply_filters('gravityview_status', 'active', $args);

    return $criteria;
}
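/**
 * Prepare Bulk Edit field-level updates
 *
 * Copies the submitted Bulk Edit form into an array of field updates,
 * keeping only elements that carry a value (or an explicit "clear", which
 * self::_process_bulk_value() reports as NULL). Taxonomy inputs are turned
 * into term lists and compared with the post's current terms so that
 * no-op updates are dropped.
 *
 * Fixes against the previous revision:
 * - the localised tag delimiter from _x(',', 'tag_delimiter', ...) was
 *   substituted into an unused `$tags` variable, so a non-comma delimiter
 *   never reached explode(); the substitution now updates `$terms`;
 * - the tax_input debug line no longer reads `$request['tax_input']` before
 *   checking that it exists;
 * - a `tax_action` entry missing for one taxonomy no longer raises an
 *   undefined-index notice (the value stays NULL, as before).
 *
 * @since 2.11
 *
 * @param integer $post_id Current post ID
 * @param array $request Form elements, e.g., from $_REQUEST
 * @param array $custom_field_map Form id to field name mapping; each entry
 *                                is read for its `name` and `no_null` keys
 *
 * @return array Non-empty form elements; `tax_input` and `tax_action`
 *               arrays are always present (possibly empty)
 */
public static function mla_prepare_bulk_edits($post_id, $request, $custom_field_map) {
    /*
     * Copy the edit form contents to $new_data
     * Trim text values for testing purposes only
     */
    $new_data = array();

    /*
     * The text fields share one rule: a non-empty processed value is stored,
     * NULL (an explicit clear) stores '', anything else is skipped.
     * image_alt requires a separate key because some attachment types
     * should not get a value, e.g., text or PDF documents
     */
    $text_fields = array(
        'post_title' => 'post_title',
        'post_excerpt' => 'post_excerpt',
        'post_content' => 'post_content',
        'image_alt' => 'bulk_image_alt',
    );
    foreach ($text_fields as $request_key => $data_key) {
        if (!isset($request[$request_key])) {
            continue;
        }
        $test_value = self::_process_bulk_value($post_id, $request[$request_key]);
        if (!empty($test_value)) {
            $new_data[$data_key] = $test_value;
        } elseif (is_null($test_value)) {
            $new_data[$data_key] = '';
        }
    }

    if (isset($request['post_parent']) && is_numeric($request['post_parent'])) {
        $new_data['post_parent'] = $request['post_parent'];
    }
    // A value of -1 means "no change" for these selects and is skipped
    foreach (array('post_author', 'comment_status', 'ping_status') as $select_key) {
        if (isset($request[$select_key]) && -1 != $request[$select_key]) {
            $new_data[$select_key] = $request[$select_key];
        }
    }

    /*
     * Custom field support
     */
    $custom_fields = array();
    if (is_array($custom_field_map)) {
        foreach ($custom_field_map as $slug => $details) {
            if (!isset($request[$slug])) {
                continue;
            }
            $test_value = self::_process_bulk_value($post_id, $request[$slug]);
            if (!empty($test_value)) {
                $custom_fields[$details['name']] = $test_value;
            } elseif (is_null($test_value)) {
                // `no_null` decides whether a clear is stored as NULL or as ''
                $custom_fields[$details['name']] = $details['no_null'] ? NULL : '';
            }
        } // foreach
    }
    if (!empty($custom_fields)) {
        $new_data['custom_updates'] = $custom_fields;
    }

    /*
     * Taxonomy Support
     */
    $tax_inputs = array();
    $tax_actions = array();
    $tax_input = isset($request['tax_input']) ? $request['tax_input'] : null;
    self::mla_debug_add("mla_prepare_bulk_edits( {$post_id} ) tax_input = " . var_export($tax_input, true), MLA::MLA_DEBUG_CATEGORY_AJAX);
    if (is_array($tax_input)) {
        foreach ($tax_input as $taxonomy => $terms) {
            if (!empty($request['tax_action'])) {
                // A missing entry stays NULL, which ends up in the "replace" branch below
                $tax_action = isset($request['tax_action'][$taxonomy]) ? $request['tax_action'][$taxonomy] : null;
            } else {
                $tax_action = 'replace';
            }
            self::mla_debug_add("mla_prepare_bulk_edits( {$post_id}, {$taxonomy}, {$tax_action} ) terms = " . var_export($terms, true), MLA::MLA_DEBUG_CATEGORY_AJAX);

            /*
             * Ignore empty updates
             */
            $hierarchical = is_array($terms);
            if ($hierarchical) {
                // Drop the first entry loosely equal to 0 (the checklist's placeholder value)
                if (false !== ($index = array_search(0, $terms))) {
                    unset($terms[$index]);
                }
            } else {
                /*
                 * Parse out individual terms: normalise the localised delimiter
                 * to a comma, then split
                 */
                $comma = _x(',', 'tag_delimiter', 'media-library-assistant');
                if (',' !== $comma) {
                    $terms = str_replace($comma, ',', $terms);
                }
                $fragments = explode(',', trim($terms, " \n\t\r\v,"));
                $terms = array();
                foreach ($fragments as $fragment) {
                    // WordPress encodes special characters, e.g., "&" as HTML entities in term names
                    if (MLATest::$wp_3dot5) {
                        $fragment = _wp_specialchars(trim(stripslashes_deep($fragment)));
                    } else {
                        $fragment = _wp_specialchars(trim(wp_unslash($fragment)));
                    }
                    if (!empty($fragment)) {
                        $terms[] = $fragment;
                    }
                } // foreach fragment
                $terms = array_unique($terms);
            }
            if (empty($terms) && 'replace' != $tax_action) {
                continue;
            }

            // Current terms, keyed by id (hierarchical) or by name (flat)
            $post_terms = get_object_term_cache($post_id, $taxonomy);
            if (false === $post_terms) {
                $post_terms = wp_get_object_terms($post_id, $taxonomy);
                wp_cache_add($post_id, $post_terms, $taxonomy . '_relationships');
            }
            $current_terms = array();
            foreach ($post_terms as $new_term) {
                if ($hierarchical) {
                    $current_terms[$new_term->term_id] = $new_term->term_id;
                } else {
                    $current_terms[$new_term->name] = $new_term->name;
                }
            }
            self::mla_debug_add("mla_prepare_bulk_edits( {$post_id}, {$taxonomy}, {$tax_action} ) current_terms = " . var_export($current_terms, true), MLA::MLA_DEBUG_CATEGORY_AJAX);

            if ('add' == $tax_action) {
                /*
                 * Add new terms; remove existing terms
                 */
                foreach ($terms as $index => $new_term) {
                    if (isset($current_terms[$new_term])) {
                        unset($terms[$index]);
                    }
                }
                $do_update = !empty($terms);
            } elseif ('remove' == $tax_action) {
                /*
                 * Remove only the existing terms
                 */
                foreach ($terms as $index => $new_term) {
                    if (!isset($current_terms[$new_term])) {
                        unset($terms[$index]);
                    }
                }
                $do_update = !empty($terms);
            } else {
                /*
                 * Replace all terms; if the new terms match the term
                 * cache, we can skip the update
                 */
                foreach ($terms as $new_term) {
                    if (isset($current_terms[$new_term])) {
                        unset($current_terms[$new_term]);
                    } else {
                        $current_terms[$new_term] = $new_term;
                        break; // not a match; stop checking
                    }
                }
                $do_update = !empty($current_terms);
            }
            self::mla_debug_add("mla_prepare_bulk_edits( {$post_id}, {$taxonomy}, {$tax_action} ) do_update = " . var_export($do_update, true), MLA::MLA_DEBUG_CATEGORY_AJAX);
            self::mla_debug_add("mla_prepare_bulk_edits( {$post_id}, {$taxonomy}, {$tax_action} ) new terms = " . var_export($terms, true), MLA::MLA_DEBUG_CATEGORY_AJAX);
            if ($do_update) {
                $tax_inputs[$taxonomy] = $terms;
                $tax_actions[$taxonomy] = $tax_action;
            }
        } // foreach taxonomy
    }
    $new_data['tax_input'] = $tax_inputs;
    $new_data['tax_action'] = $tax_actions;
    return $new_data;
}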
/**
 * Build the <url> tag for a given URL.
 *
 * `loc` is escaped with htmlspecialchars(), image locations with esc_html(),
 * and image title/caption text is entity-decoded then re-escaped with
 * _wp_specialchars() inside CDATA (so a `]]>` in the text cannot end the
 * section). `chf` and `pri` are written as given.
 *
 * NOTE(review): when `mod` is absent the fallback is date('y-m-d H:i:s') —
 * a two-digit year rendered in PHP's default timezone and then re-read as
 * site-timezone time. DateTime parses it, but 'now' would be the plainer
 * spelling; left unchanged.
 *
 * @param array $url Array of parts that make up this entry: `loc`, `chf`,
 *                   `pri`, optional `mod` and optional `images` (each with
 *                   `src` and optional `title` / `alt`).
 *
 * @return string
 */
function sitemap_url($url) {
    // Create a DateTime object date in the correct timezone
    $timezone = new DateTimeZone($this->get_timezone_string());
    $modified = isset($url['mod']) ? $url['mod'] : date('y-m-d H:i:s');
    $date = new DateTime($modified, $timezone);

    $url['loc'] = htmlspecialchars($url['loc']);

    $head = array(
        "\t<url>\n",
        "\t\t<loc>" . $url['loc'] . "</loc>\n",
        "\t\t<lastmod>" . $date->format('c') . "</lastmod>\n",
        "\t\t<changefreq>" . $url['chf'] . "</changefreq>\n",
        "\t\t<priority>" . str_replace(',', '.', $url['pri']) . "</priority>\n",
    );
    $output = implode('', $head);

    $images = (isset($url['images']) && is_array($url['images'])) ? $url['images'] : array();
    foreach ($images as $img) {
        if (empty($img['src'])) {
            continue;
        }
        $output .= "\t\t<image:image>\n";
        $output .= "\t\t\t<image:loc>" . esc_html($img['src']) . "</image:loc>\n";
        if (!empty($img['title'])) {
            $output .= "\t\t\t<image:title><![CDATA[" . _wp_specialchars(html_entity_decode($img['title'], ENT_QUOTES, $this->charset)) . "]]></image:title>\n";
        }
        if (!empty($img['alt'])) {
            $output .= "\t\t\t<image:caption><![CDATA[" . _wp_specialchars(html_entity_decode($img['alt'], ENT_QUOTES, $this->charset)) . "]]></image:caption>\n";
        }
        $output .= "\t\t</image:image>\n";
    }

    $output .= "\t</url>\n";
    return $output;
}
/**
 * Cleans a string for XML display purposes.
 *
 * Trims, strips shortcodes and entity-decodes the input (first as
 * ISO-8859-15, then in the blog charset), then looks for a remaining `&...;`
 * sequence from $offset on: a sequence longer than 7 characters after the
 * `&` is skipped over, a shorter one is replaced by its first character
 * (or `_` for a numeric `&#...;` form). Every return path goes through
 * _wp_specialchars(), so the caller always receives entity-escaped text.
 *
 * Each recursive call re-trims, re-strips shortcodes and re-decodes the
 * partially cleaned string, so $offset applies to that reprocessed text,
 * not to the original $in.
 *
 * NOTE(review): a null $offset is handed straight to strpos(); passing null
 * for that int parameter is deprecated on PHP 8.1+ — confirm the target
 * PHP version.
 *
 * @since 1.2.1
 *
 * @link http://php.net/html-entity-decode#98697 Modified for WP from here.
 *
 * @param string $in The string to clean.
 * @param int $offset Offset of the string to start the cleaning at.
 *
 * @return string Cleaned string.
 */
public function clean_string($in, $offset = null) {
    $out = trim($in);
    $out = $this->strip_shortcodes($out);
    $out = html_entity_decode($out, ENT_QUOTES, 'ISO-8859-15');
    $out = html_entity_decode($out, ENT_QUOTES, get_bloginfo('charset'));
    if (!empty($out)) {
        $entity_start = strpos($out, '&', $offset);
        if ($entity_start === false) {
            // ideal: no ampersand left to deal with
            return _wp_specialchars($out);
        } else {
            $entity_end = strpos($out, ';', $entity_start);
            if ($entity_end === false) {
                // an '&' without a terminating ';' is not an entity; escape and return
                return _wp_specialchars($out);
            } elseif ($entity_end > $entity_start + 7) {
                // too long to be an entity: step past this '&' and keep going
                $out = $this->clean_string($out, $entity_start + 1);
            } else {
                $clean = substr($out, 0, $entity_start);
                $subst = substr($out, $entity_start + 1, 1);
                // a named entity is replaced by its first letter (e.g. "&scaron;" => "s"),
                // a numeric one ("&#353;") by "_"
                $clean .= $subst != '#' ? $subst : '_';
                $clean .= substr($out, $entity_end + 1);
                // and keep going from just after the replacement
                $out = $this->clean_string($clean, $entity_start + 1);
            }
        }
    }
    return _wp_specialchars($out);
}
/**
 * Escapes HTML. Double-encodes existing entities (ideal for editable HTML).
 *
 * Both quote kinds are escaped (ENT_QUOTES); the charset is left to the
 * WordPress default and double_encode is switched on so `&amp;` in the
 * input comes back as `&amp;amp;` rather than being preserved.
 *
 * @since 1.5
 *
 * @param string $str The string that potentially contains HTML.
 * @return string The filtered string.
 */
function su_esc_editable_html($str) {
    $double_encode = true;
    return _wp_specialchars($str, ENT_QUOTES, false, $double_encode);
}
/**
 * Escaping for HTML attributes.
 *
 * Invalid UTF-8 is removed first, then both quote kinds and the usual HTML
 * specials are entity-encoded; the result is offered to the
 * `attribute_escape` filter together with the original text.
 *
 * @since 2.8.0
 *
 * @param string $text
 * @return string
 */
function esc_attr($text) {
    $escaped = _wp_specialchars(wp_check_invalid_utf8($text), ENT_QUOTES);
    return apply_filters('attribute_escape', $escaped, $text);
}
/**
 * Creates a select2 input.
 *
 * Collects the names of all `events_tags` terms, JSON-encodes them and
 * escapes the JSON with the 'single' quote style for the `data-ai1ec-tags`
 * attribute, then renders select2_input.twig with the input's name/id.
 *
 * NOTE(review): 'single' escapes apostrophes only, so the template must put
 * `data-ai1ec-tags` in a single-quoted attribute — confirm in the twig file.
 *
 * @param array $args The arguments of the input (`id`, optional `name`).
 *
 * @return Ai1ec_File_Twig
 */
public function create_select2_input(array $args) {
    if (!isset($args['name'])) {
        $args['name'] = $args['id'];
    }

    // Get tags and keep just their names for the JSON payload.
    $tag_terms = get_terms('events_tags', array('orderby' => 'name', 'hide_empty' => 0));
    $tag_names = array();
    foreach ($tag_terms as $tag_term) {
        $tag_names[] = $tag_term->name;
    }
    $encoded_tags = _wp_specialchars(json_encode($tag_names), 'single', 'UTF-8');

    $loader = $this->_registry->get('theme.loader');
    $select2_args = array(
        'data-placeholder' => __('Tags (optional)', AI1EC_PLUGIN_NAME),
        'class' => 'ai1ec-tags-selector span12',
        'data-ai1ec-tags' => $encoded_tags,
    );
    $context = array(
        'name' => $args['name'],
        'id' => $args['id'],
        'select2_args' => $select2_args,
    );
    return $loader->get_file('select2_input.twig', $context, true);
}
/**
 * Escaping for HTML attributes.
 *
 * Invalid UTF-8 is removed first, then both quote kinds and the usual HTML
 * specials are entity-encoded before the `attribute_escape` filter runs.
 *
 * @since 2.8.0
 *
 * @param string $text
 * @return string
 */
function esc_attr($text) {
    $escaped = _wp_specialchars(wp_check_invalid_utf8($text), ENT_QUOTES);

    /**
     * Filter a string cleaned and escaped for output in an HTML attribute.
     *
     * Text passed to esc_attr() is stripped of invalid or special characters
     * before output.
     *
     * @since 2.0.6
     *
     * @param string $safe_text The text after it has been escaped.
     * @param string $text The text prior to being escaped.
     */
    return apply_filters('attribute_escape', $escaped, $text);
}
/**
 * Render the slideshow js
 *
 * Returns the necessary markup and js to fire a slideshow: a noscript notice
 * followed by the container div whose data-gallery attribute carries the
 * JSON-encoded gallery.
 *
 * @uses $this->enqueue_scripts()
 *
 * @param array $attr Keys read: `gallery`, `selector`, `color`, `trans`, `autostart`.
 * @return string
 */
function slideshow_js($attr) {
    // Enqueue scripts
    $this->enqueue_scripts();

    // The JSON_HEX_* flags are nice to have, but not strictly necessary since
    // the value is run through _wp_specialchars() below anyway.
    if (defined('JSON_HEX_AMP')) {
        $gallery_json = json_encode($attr['gallery'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    } else {
        $gallery_json = json_encode($attr['gallery']);
    }

    $noscript = '<p class="jetpack-slideshow-noscript robots-nocontent">' . esc_html__('This slideshow requires JavaScript.', 'jetpack') . '</p>';
    $container = sprintf(
        '<div id="%s" class="slideshow-window jetpack-slideshow slideshow-%s" data-trans="%s" data-autostart="%s" data-gallery="%s"></div>',
        esc_attr($attr['selector'] . '-slideshow'),
        esc_attr($attr['color']),
        esc_attr($attr['trans']),
        esc_attr($attr['autostart']),
        // double_encode=true: entities inside the JSON are encoded again rather than kept
        _wp_specialchars(wp_check_invalid_utf8($gallery_json), ENT_QUOTES, false, true)
    );

    return $noscript . $container;
}
/**
 * Return the current picture's title cut to $length characters, re-escaped
 * and followed by an ellipsis.
 *
 * The title is decoded with wp_specialchars_decode() before cutting so the
 * cut cannot land inside an entity, then re-escaped with _wp_specialchars().
 * When mbstring is available and the title contains multibyte characters
 * (byte length exceeds character count) the length is halved.
 *
 * @param int $length Maximum number of characters to keep.
 * @return string
 */
function bp_album_get_picture_title_truncate($length) {
    global $pictures_template;

    $filtered = apply_filters('bp_album_get_picture_title_truncate', $pictures_template->picture->title);
    $decoded = wp_specialchars_decode($filtered, ENT_QUOTES);

    $has_mbstring = function_exists('mb_strlen');
    if ($has_mbstring && strlen($decoded) > mb_strlen($decoded)) {
        $length = round($length / 2);
    }

    if (function_exists('mb_substr')) {
        $cut = mb_substr($decoded, 0, $length);
    } else {
        $cut = substr($decoded, 0, $length);
    }

    return _wp_specialchars($cut) . '…';
}
/**
 * Similar to esc_html() but allows double-encoding.
 *
 * Quotes are left alone (ENT_NOQUOTES); entities already in the text are
 * encoded again because double_encode is switched on.
 *
 * @param string $text
 * @return string
 */
function esc_translation($text) {
    $double_encode = true;
    return _wp_specialchars($text, ENT_NOQUOTES, false, $double_encode);
}
/**
 * Adds a keyword search to the WHERE clause, if required
 *
 * Defined as public because it's a filter.
 *
 * Two inputs are consulted, both from self::$search_parameters: the Terms
 * Search (`mla_terms_search`) and the keyword search (`s`). Each can add
 * a taxonomy clause (`mlattN.term_taxonomy_id IN (...)`, with the JOIN count
 * handed back through `tax_terms_count`) and the keyword search can add
 * LIKE clauses per selected field plus an ID/parent clause when every
 * keyword is numeric. The pieces are joined into " AND ( ... ) " and, for
 * anonymous visitors, restricted to posts without a password.
 *
 * How user text reaches the SQL:
 * - LIKE operands go through $wpdb->esc_like() + $wpdb->prepare('%s') or
 *   esc_sql(like_escape()) with quotes, so they are escaped and quoted;
 * - the ID list is only interpolated after array_filter(..., 'is_numeric')
 *   accepted every keyword, so each entry is a numeric literal;
 * - term_taxonomy_id values are cast to int before being joined.
 * `mla_search_connector` and `radio_terms` are interpolated verbatim as
 * SQL keywords; presumably validated to AND/OR upstream — confirm.
 *
 * @since 0.60
 *
 * @param string query clause before modification
 * @param object WP_Query object
 *
 * @return string query clause after keyword search addition
 */
public static function mla_query_posts_search_filter($search_string, &$query_object) {
    global $wpdb;

    $numeric_clause = '';
    $search_clause = '';
    $tax_clause = '';
    $tax_connector = 'AND';
    $tax_index = 0;

    /*
     * Process the Terms Search arguments, if present.
     */
    if (isset(self::$search_parameters['mla_terms_search']['phrases'])) {
        $terms_search_parameters = self::$search_parameters['mla_terms_search'];
        // Comma-separated list of terms; each term may itself hold several (quoted) phrases
        $terms = array_map('trim', explode(',', $terms_search_parameters['phrases']));
        if (1 < count($terms)) {
            $terms_connector = '(';
        } else {
            $terms_connector = '';
        }

        foreach ($terms as $term) {
            // Split into double-quoted, single-quoted and bare phrases
            preg_match_all('/".*?("|$)|\'.*?(\'|$)|((?<=[\\t ",+])|^)[^\\t ",+]+/', $term, $matches);
            $phrases = array_map('MLAQuery::mla_search_terms_tidy', $matches[0]);

            /*
             * Find the quoted phrases for a word-boundary check
             */
            $quoted = array();
            foreach ($phrases as $index => $phrase) {
                $quoted[$index] = '"' == $matches[1][$index] || "'" == $matches[2][$index];
            }

            // $tax_terms[taxonomy][term_id] = term_taxonomy_id; $tax_counts tracks how many phrases hit each term
            $tax_terms = array();
            $tax_counts = array();
            foreach ($phrases as $index => $phrase) {
                if (isset($terms_search_parameters['exact'])) {
                    // Exact match: one lookup by name per taxonomy
                    $the_terms = array();
                    foreach ($terms_search_parameters['taxonomies'] as $taxonomy) {
                        // WordPress encodes special characters, e.g., "&" as HTML entities in term names
                        $the_term = get_term_by('name', _wp_specialchars($phrase), $taxonomy);
                        if (false !== $the_term) {
                            $the_terms[] = $the_term;
                        }
                    }
                } else {
                    // Substring match via name__like; unquoted wildcard phrases get the custom terms_clauses filter
                    $is_wildcard_search = !$quoted[$index] && self::_wildcard_search_string($phrase);
                    if ($is_wildcard_search) {
                        add_filter('terms_clauses', 'MLAQuery::mla_query_terms_clauses_filter', 0x7fffffff, 3);
                    }
                    // WordPress encodes special characters, e.g., "&" as HTML entities in term names
                    $the_terms = get_terms($terms_search_parameters['taxonomies'], array('name__like' => _wp_specialchars($phrase), 'fields' => 'all', 'hide_empty' => false));
                    if ($is_wildcard_search) {
                        remove_filter('terms_clauses', 'MLAQuery::mla_query_terms_clauses_filter', 0x7fffffff);
                    }
                    // Invalid taxonomy will return WP_Error object
                    if (!is_array($the_terms)) {
                        $the_terms = array();
                    }
                    if ($quoted[$index]) {
                        // Quoted phrases must match on word boundaries, not merely as a substring
                        foreach ($the_terms as $term_index => $the_term) {
                            if (!self::_match_quoted_phrase($phrase, $the_term->name)) {
                                unset($the_terms[$term_index]);
                            }
                        }
                    } // quoted phrase
                } // not exact

                foreach ($the_terms as $the_term) {
                    $tax_terms[$the_term->taxonomy][$the_term->term_id] = (int) $the_term->term_taxonomy_id;
                    if (isset($tax_counts[$the_term->taxonomy][$the_term->term_id])) {
                        $tax_counts[$the_term->taxonomy][$the_term->term_id]++;
                    } else {
                        $tax_counts[$the_term->taxonomy][$the_term->term_id] = 1;
                    }
                }
            } // foreach phrase

            /*
             * For the AND connector, a taxonomy term must have all of the search terms within it
             */
            if ('AND' == $terms_search_parameters['radio_phrases']) {
                $search_term_count = count($phrases);
                foreach ($tax_terms as $taxonomy => $term_ids) {
                    foreach ($term_ids as $term_id => $term_taxonomy_id) {
                        if ($search_term_count != $tax_counts[$taxonomy][$term_id]) {
                            unset($term_ids[$term_id]);
                        }
                    }
                    if (empty($term_ids)) {
                        unset($tax_terms[$taxonomy]);
                    } else {
                        $tax_terms[$taxonomy] = $term_ids;
                    }
                } // foreach taxonomy
            } // AND (i.e., All phrases)

            if (!empty($tax_terms)) {
                $inner_connector = '';
                $tax_clause .= $terms_connector;
                foreach ($tax_terms as $tax_term) {
                    // "All terms" needs one JOIN alias per taxonomy group; "Any term" shares mlatt0
                    if ('AND' == $terms_search_parameters['radio_terms']) {
                        $prefix = 'mlatt' . $tax_index++;
                    } else {
                        $prefix = 'mlatt0';
                        $tax_index = 1; // only one JOIN needed for the "Any Term" case
                    }
                    $tax_clause .= sprintf('%1$s %2$s.term_taxonomy_id IN (%3$s)', $inner_connector, $prefix, implode(',', $tax_term));
                    $inner_connector = ' OR';
                } // foreach tax_term
                // Subsequent terms are joined with the chosen connector inside fresh parentheses
                $terms_connector = ' ) ' . $terms_search_parameters['radio_terms'] . ' (';
            } // tax_terms present
        } // foreach term

        if (1 < count($terms) && !empty($tax_clause)) {
            $tax_clause .= ')';
        }
        // No matching term at all: the clause must fail rather than match everything
        if (empty($tax_clause)) {
            $tax_clause = '1=0';
        } else {
            self::$search_parameters['tax_terms_count'] = $tax_index;
        }
    } // isset mla_terms_search

    /*
     * Process the keyword search argument, if present.
     */
    if (!empty(self::$search_parameters['s'])) {
        // WordPress v3.7 says: there are no line breaks in <input /> fields
        $keyword_string = stripslashes(str_replace(array("\r", "\n"), '', self::$search_parameters['s']));
        $is_wildcard_search = self::_wildcard_search_string($keyword_string);
        if ($is_wildcard_search || self::$search_parameters['sentence'] || self::$search_parameters['exact']) {
            // Whole string is a single keyword
            $keyword_array = array($keyword_string);
        } else {
            // v3.6.1 was '/".*?("|$)|((?<=[\r\n\t ",+])|^)[^\r\n\t ",+]+/'
            preg_match_all('/".*?("|$)|((?<=[\\t ",+])|^)[^\\t ",+]+/', $keyword_string, $matches);
            $keyword_array = array_map('MLAQuery::mla_search_terms_tidy', $matches[0]);
            $numeric_array = array_filter($keyword_array, 'is_numeric');

            /*
             * If all the "keywords" are numeric, interpret it/them as the ID(s) of a specific attachment
             * or the ID(s) of a parent post/page; add it/them to the regular text-based search.
             * The values are interpolated unquoted; is_numeric() having accepted every one of
             * them is what keeps this list to numeric literals.
             */
            if (count($keyword_array) && count($keyword_array) == count($numeric_array)) {
                $numeric_array = implode(',', $numeric_array);
                $numeric_clause = '( ( ' . $wpdb->posts . '.ID IN (' . $numeric_array . ') ) OR ( ' . $wpdb->posts . '.post_parent IN (' . $numeric_array . ') ) ) OR ';
            }
        }

        $fields = self::$search_parameters['mla_search_fields'];
        $allow_terms_search = in_array('terms', $fields) && !$is_wildcard_search;
        // Exact searches drop the surrounding % so LIKE behaves as equality
        $percent = self::$search_parameters['exact'] ? '' : '%';
        $connector = '';

        if (empty($fields)) {
            $search_clause = '1=0';
        } else {
            $tax_terms = array();
            $tax_counts = array();
            foreach ($keyword_array as $term) {
                if ($is_wildcard_search) {
                    /*
                     * Escape any % in the source string
                     */
                    if (self::$wp_4dot0_plus) {
                        $sql_term = $wpdb->esc_like($term);
                        $sql_term = $wpdb->prepare('%s', $sql_term);
                    } else {
                        $sql_term = "'" . esc_sql(like_escape($term)) . "'";
                    }
                    /*
                     * Convert wildcard * to SQL %
                     */
                    $sql_term = str_replace('*', '%', $sql_term);
                } else {
                    if (self::$wp_4dot0_plus) {
                        $sql_term = $percent . $wpdb->esc_like($term) . $percent;
                        $sql_term = $wpdb->prepare('%s', $sql_term);
                    } else {
                        $sql_term = "'" . $percent . esc_sql(like_escape($term)) . $percent . "'";
                    }
                }

                // One LIKE predicate per selected field, OR-ed together; $sql_term is already quoted
                $inner_connector = '';
                $inner_clause = '';
                if (in_array('content', $fields)) {
                    $inner_clause .= "{$inner_connector}({$wpdb->posts}.post_content LIKE {$sql_term})";
                    $inner_connector = ' OR ';
                }
                if (in_array('title', $fields)) {
                    $inner_clause .= "{$inner_connector}({$wpdb->posts}.post_title LIKE {$sql_term})";
                    $inner_connector = ' OR ';
                }
                if (in_array('excerpt', $fields)) {
                    $inner_clause .= "{$inner_connector}({$wpdb->posts}.post_excerpt LIKE {$sql_term})";
                    $inner_connector = ' OR ';
                }
                if (in_array('alt-text', $fields)) {
                    $view_name = self::$mla_alt_text_view;
                    $inner_clause .= "{$inner_connector}({$view_name}.meta_value LIKE {$sql_term})";
                    $inner_connector = ' OR ';
                }
                if (in_array('name', $fields)) {
                    $inner_clause .= "{$inner_connector}({$wpdb->posts}.post_name LIKE {$sql_term})";
                }

                $inner_clause = apply_filters('mla_list_table_search_filter_inner_clause', $inner_clause, $inner_connector, $wpdb->posts, $sql_term);
                if (!empty($inner_clause)) {
                    $search_clause .= "{$connector}({$inner_clause})";
                    $connector = ' ' . self::$search_parameters['mla_search_connector'] . ' ';
                }

                /*
                 * Convert search term text to term_taxonomy_id value(s),
                 * separated by taxonomy.
                 */
                if ($allow_terms_search) {
                    // WordPress encodes special characters, e.g., "&" as HTML entities in term names
                    $the_terms = get_terms(self::$search_parameters['mla_search_taxonomies'], array('name__like' => _wp_specialchars($term), 'fields' => 'all', 'hide_empty' => false));
                    // Invalid taxonomy will return WP_Error object
                    if (!is_array($the_terms)) {
                        $the_terms = array();
                    }
                    foreach ($the_terms as $the_term) {
                        $tax_terms[$the_term->taxonomy][$the_term->term_id] = (int) $the_term->term_taxonomy_id;
                        if (isset($tax_counts[$the_term->taxonomy][$the_term->term_id])) {
                            $tax_counts[$the_term->taxonomy][$the_term->term_id]++;
                        } else {
                            $tax_counts[$the_term->taxonomy][$the_term->term_id] = 1;
                        }
                    }
                } // in_array terms
            } // foreach term

            if ($allow_terms_search) {
                /*
                 * For the AND connector, a taxonomy term must have all of the search terms within it
                 */
                if ('AND' == self::$search_parameters['mla_search_connector']) {
                    $search_term_count = count($keyword_array);
                    foreach ($tax_terms as $taxonomy => $term_ids) {
                        foreach ($term_ids as $term_id => $term_taxonomy_id) {
                            if ($search_term_count != $tax_counts[$taxonomy][$term_id]) {
                                unset($term_ids[$term_id]);
                            }
                        }
                        if (empty($term_ids)) {
                            unset($tax_terms[$taxonomy]);
                        } else {
                            $tax_terms[$taxonomy] = $term_ids;
                        }
                    } // foreach taxonomy
                } // AND connector

                if (empty($tax_terms)) {
                    /*
                     * If "Terms" is the only field and no terms are present,
                     * the search must fail.
                     */
                    if (1 == count($fields) && 'terms' == array_shift($fields)) {
                        $tax_clause = '1=0';
                    }
                } else {
                    // Keyword-search term matches are OR-ed with the field matches
                    $tax_index = 0;
                    $inner_connector = '';
                    foreach ($tax_terms as $tax_term) {
                        $prefix = 'mlatt' . $tax_index++;
                        $tax_clause .= sprintf('%1$s %2$s.term_taxonomy_id IN (%3$s)', $inner_connector, $prefix, implode(',', $tax_term));
                        $inner_connector = ' OR';
                    } // foreach tax_term
                    self::$search_parameters['tax_terms_count'] = $tax_index;
                    $tax_connector = 'OR';
                } // tax_terms present
            } // terms in fields
        } // fields not empty
    } // isset 's'

    // Combine the taxonomy clause with the field clause, then wrap the whole thing
    if (!empty($tax_clause) && !empty($search_clause)) {
        $tax_clause = " {$tax_connector} ({$tax_clause} )";
    }
    if (!empty($search_clause) || !empty($tax_clause)) {
        $search_clause = " AND ( {$numeric_clause}{$search_clause}{$tax_clause} ) ";
        // Visitors who are not logged in never see password-protected items
        if (!is_user_logged_in()) {
            $search_clause .= " AND ( {$wpdb->posts}.post_password = '' ) ";
        }
    }

    if ('none' != self::$search_parameters['debug']) {
        // $debug_array is built here without prior initialisation
        $debug_array['search_string'] = $search_string;
        $debug_array['search_parameters'] = self::$search_parameters;
        $debug_array['search_clause'] = $search_clause;
        if ('shortcode' == self::$search_parameters['debug']) {
            MLACore::mla_debug_add('<strong>mla_debug posts_search filter</strong> = ' . var_export($debug_array, true));
        } else {
            /* translators: 1: DEBUG tag 2: search filter details */
            MLACore::mla_debug_add(sprintf(_x('%1$s: mla_query_posts_search_filter = "%2$s".', 'error_log', 'media-library-assistant'), __('DEBUG', 'media-library-assistant'), var_export($debug_array, true)));
        }
    } // debug

    return $search_clause;
}
/**
 * Display a form for adding and editing h5p content.
 *
 * Gathers the form state (title, library, parameters) from the request,
 * falling back to the stored content when editing; decides between the
 * "upload" and "create" modes; escapes the parameters JSON for use in an
 * attribute; then includes views/new-content.php, queues the editor assets
 * and logs an H5P_Event. The included view presumably reads the locals set
 * here ($title, $library, $parameters, $upload, $core, $contentExists) —
 * confirm before renaming any of them.
 *
 * @since 1.1.0
 */
public function display_new_content_page() {
    $contentExists = $this->content !== NULL;
    $plugin = H5P_Plugin::get_instance();
    $core = $plugin->get_h5p_instance('core');

    // Prepare form
    $title = $this->get_input('title', $contentExists ? $this->content['title'] : '');
    $library = $this->get_input('library', $contentExists ? H5PCore::libraryToString($this->content['library']) : 0);
    $parameters = $this->get_input('parameters', $contentExists ? $core->filterParameters($this->content) : '{}');

    // Determine upload or create
    if (!$contentExists && !$this->has_libraries()) {
        // No libraries to build with yet: only the upload path is available
        $upload = TRUE;
    } else {
        $upload = filter_input(INPUT_POST, 'action') === 'upload';
    }

    // Filter/escape parameters, double escape that is...
    // Same steps as esc_attr(), but with double_encode=true so entities already
    // present in the JSON are encoded again rather than preserved.
    $safe_text = wp_check_invalid_utf8($parameters);
    $safe_text = _wp_specialchars($safe_text, ENT_QUOTES, false, true);
    $parameters = apply_filters('attribute_escape', $safe_text, $parameters);

    include_once 'views/new-content.php';
    $this->add_editor_assets($contentExists ? $this->content['id'] : NULL);
    H5P_Plugin_Admin::add_script('jquery', 'h5p-php-library/js/jquery.js');
    H5P_Plugin_Admin::add_script('disable', 'h5p-php-library/js/disable.js');
    H5P_Plugin_Admin::add_script('toggle', 'admin/scripts/h5p-toggle.js');

    // Log editor opened
    if ($contentExists) {
        new H5P_Event('content', 'edit', $this->content['id'], $this->content['title'], $this->content['library']['name'], $this->content['library']['majorVersion'] . '.' . $this->content['library']['minorVersion']);
    } else {
        new H5P_Event('content', 'new');
    }
}
/**
 * Filter the content and encode any bad HTML tags
 *
 * The whole string is entity-encoded first (quotes left alone), then split
 * so that backtick-fenced spans become their own pieces. Each allowed tag is
 * handed to one of the encode walkers (defined elsewhere), which process the
 * pieces in place; the pieces are finally joined back together.
 *
 * @since bbPress (r4641)
 *
 * @param string $content Topic and reply content
 * @return string Partially encoded content
 */
function bbp_encode_bad($content = '') {
    $encoded = _wp_specialchars($content, ENT_NOQUOTES);
    $pieces = preg_split('@(`[^`]*`)@m', $encoded, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);

    // Tags that never wrap content; these are routed to the "empty" walker.
    $void_tags = array('br' => true, 'hr' => true, 'img' => true, 'input' => true, 'param' => true, 'area' => true, 'col' => true, 'embed' => true);

    foreach (bbp_kses_allowed_tags() as $tag => $args) {
        // A tag with allowed attributes may be followed by attribute text.
        $preg = $args ? "{$tag}(?:\\s.*?)?" : $tag;
        $walker = isset($void_tags[$tag]) ? 'bbp_encode_empty_callback' : 'bbp_encode_normal_callback';
        array_walk($pieces, $walker, $preg);
    }

    return implode('', $pieces);
}
the_title(); ?> </h2> <h3 class="page-title"><span>From</span> <a href="<?php echo get_permalink($post->post_parent); ?> " rev="attachment"><?php echo get_the_title($post->post_parent); ?> </a></h3> <div class="entry-content"> <div class="entry-attachment"><a href="<?php echo wp_get_attachment_url($post->ID); ?> " title="<?php echo _wp_specialchars(get_the_title($post->ID), 1); ?> " rel="attachment"><?php echo wp_get_attachment_image($post->ID, 'large'); ?> </a></div> <div class="entry-caption"><?php if (!empty($post->post_excerpt)) { the_excerpt(); } ?> </div> <?php the_content('<span class="more-link">' . __('Continue reading ›', 'barthelme') . '</span>'); ?>
echo esc_url(wp_get_attachment_url($item->image->ID)); ?> " data-orig-size="<?php echo esc_attr($item->meta_width()); ?> ,<?php echo esc_attr($item->meta_height()); ?> " data-comments-opened="<?php echo esc_attr(comments_open($item->image->ID)); ?> " data-image-meta="<?php echo _wp_specialchars(wp_check_invalid_utf8($fuzzy_image_meta), ENT_QUOTES, false, true); ?> " data-image-title="<?php echo esc_attr(wptexturize($item->image->post_title)); ?> " data-image-description="<?php echo esc_attr(wpautop(wptexturize($item->image->post_content))); ?> " data-medium-file="<?php echo esc_url($item->medium_file()); ?> " data-large-file="<?php
));" <?php echo in_array($option['value'], $element['default_value'], true) ? 'checked="checked"' : ''; ?> /> <input class="ifb-option-label" type="text" value="<?php echo _wp_specialchars($option['label'], ENT_COMPAT, false, true); ?> " onkeyup="iPhorm.updateOptions(iPhorm.getElementById(<?php echo $id; ?> ));" onclick="iPhorm.maybeSelectOptionText(this);" onblur="iPhorm.updateLogicOptions(iPhorm.getElementById(<?php echo $id; ?> ));" /> <input class="ifb-option-value" type="text" value="<?php echo _wp_specialchars($option['value'], ENT_COMPAT, false, true); ?> " onkeyup="iPhorm.updateOptions(iPhorm.getElementById(<?php echo $id; ?> ));" onblur="iPhorm.updateLogicOptions(iPhorm.getElementById(<?php echo $id; ?> ));" /> <span class="ifb-add-option" onclick="iPhorm.addOption(this, iPhorm.getElementById(<?php echo $id; ?> ));">+</span> <span class="ifb-remove-option" onclick="iPhorm.removeOption(this, iPhorm.getElementById(<?php echo $id; ?>
/**
 * Finds a $relevant_term (if defined) given a key and (optional) a language
 *
 * The MLA_WPML::$relevant_terms cache is searched first. When nothing is
 * cached and $test_only is false, the term is fetched with get_term_by() and
 * added to the cache together with its translations before the result is
 * returned. When $language is given, the cached translation for that
 * language is returned instead, or false when no such translation exists.
 *
 * @since 2.11
 * @uses MLA_WPML::$relevant_terms
 *
 * @param string  $field      to search in; 'id', 'name', or 'term_taxonomy_id'
 * @param mixed   $value      to search for; integer or string
 * @param string  $taxonomy   to search in; slug
 * @param string  $language   code; optional
 * @param boolean $test_only  false (default) to add a missing term, true to leave it out
 * @param boolean $skip_cache Ignore the Sitepress terms cache; optional
 *
 * @return array|false Cached relevant-term entry, or false when none was found
 */
private static function _get_relevant_term($field, $value, $taxonomy, $language = NULL, $test_only = false, $skip_cache = false) {
    // WordPress encodes special characters, e.g., "&" as HTML entities in term names
    if ('name' == $field) {
        $value = _wp_specialchars($value);
    }

    $relevant_term = false;
    foreach (self::$relevant_terms as $term_taxonomy_id => $candidate) {
        if ($taxonomy != $candidate['term']->taxonomy) {
            continue;
        }

        // Pick the candidate attribute that corresponds to the requested field
        if ('id' == $field) {
            $candidate_value = $candidate['term']->term_id;
        } elseif ('name' == $field) {
            $candidate_value = $candidate['term']->name;
        } elseif ('term_taxonomy_id' == $field) {
            $candidate_value = $term_taxonomy_id;
        } else {
            continue;
        }

        // Loose (==) comparison is retained: $value may be the string form of an integer id
        if ($value == $candidate_value) {
            $relevant_term = $candidate;
            break;
        }
    }

    if (false === $relevant_term && $test_only) {
        return false;
    }

    // If no match, try to add it and its translations
    if (false === $relevant_term) {
        $candidate = get_term_by($field, $value, $taxonomy);
        if ($candidate) {
            $relevant_term = self::_add_relevant_term($candidate, NULL, $skip_cache);
            foreach ($relevant_term['translations'] as $translation) {
                // Translations already cached are left untouched
                if (array_key_exists($translation->element_id, self::$relevant_terms)) {
                    continue;
                }
                $term_object = get_term_by('term_taxonomy_id', $translation->element_id, $taxonomy);
                self::_add_relevant_term($term_object, $relevant_term['translations'], $skip_cache);
            }
        }
    }

    // Find the language-specific value, if requested
    if ($relevant_term && !empty($language)) {
        $translations = $relevant_term['translations'];
        if (array_key_exists($language, $translations)) {
            $relevant_term = self::$relevant_terms[$translations[$language]->element_id];
        } else {
            $relevant_term = false;
        }
    }

    return $relevant_term;
}
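/**
 * AJAX handler: render one page of the theme translation panel.
 *
 * Reads the theme's default .po catalogue, optionally narrows it to entries
 * whose source string or stored translation contains the POSTed 'search'
 * text (case-insensitive), echoes one page of <textarea> editors followed by
 * a progress summary, and ends the request as WordPress AJAX handlers must.
 *
 * POST input read: 'page' (1-based page number, defaults to 1, clamped to >= 1)
 * and 'search' (filter text; only a non-empty string is used).
 *
 * @return void Output is echoed; exit() is called before returning.
 */
function ajax_mts_translation_panel() {
    // NOTE(review): no nonce or capability check is visible in this method; confirm that
    // the wp_ajax_* registration (outside this block) gates access to it.
    $poparser = new PoParser();
    $mts_translations = get_option('mts_translations_' . MTS_THEME_NAME);
    if (!is_array($mts_translations)) {
        // Option never saved (get_option() returns false): treat as "nothing translated".
        $mts_translations = array();
    }
    $entries = $poparser->read(get_template_directory() . '/lang/default.po');

    // A page below 1 would select an empty slice further down, so clamp the input.
    $page = isset($_POST['page']) ? max(1, (int) $_POST['page']) : 1;
    // Only a plain string is searchable: an array value (search[]=x) would make
    // stristr() throw on PHP 8. Unlike empty(), this also keeps "0" searchable.
    $search_query = (isset($_POST['search']) && is_string($_POST['search'])) ? $_POST['search'] : '';
    $strings_per_page = 20;

    if ('' !== $search_query) {
        $matching = array();
        foreach ($entries as $string_id => $object) {
            $message = implode('', $object['msgid']);
            $value = empty($mts_translations[$message]) ? '' : $mts_translations[$message];
            if (stristr($value, $search_query) !== false || stristr($message, $search_query) !== false) {
                $matching[$string_id] = $object;
            }
        }
        $entries = $matching;
    }

    $number = count($entries);
    $number_translated = 0;
    $this->mts_translation_pagination($number, $strings_per_page, $page);

    // 1-based bounds of the entries rendered on this page.
    $first_on_page = ($page - 1) * $strings_per_page + 1;
    $last_on_page = $page * $strings_per_page;

    $form = '';
    $i = 0;
    foreach ($entries as $string_id => $object) {
        $i++;
        $message = implode('', $object['msgid']);
        $value = empty($mts_translations[$message]) ? '' : $mts_translations[$message];
        if (!empty($mts_translations[$message])) {
            $number_translated++;
        }
        if ($i < $first_on_page || $i > $last_on_page) {
            continue;
        }

        // References are read from the .po file; escape them like every other output.
        $reference = implode(', ', explode(' ', implode(' ', $object['reference'])));
        $form .= '<div class="translate-string-wrapper">';
        $form .= '<label for="translate-string-' . $i . '">' . esc_html($message) . ' <span>(' . esc_html($reference) . ')</span></label>';
        // data-id carries the source string; double_encode=true keeps entity text in it literal.
        $form .= '<textarea id="translate-string-' . $i . '" data-id="' . _wp_specialchars($message, ENT_QUOTES, false, true) . '" class="mts_translate_textarea">';
        $form .= esc_textarea($value);
        $form .= '</textarea>';
        $form .= '</div>';
    }
    echo $form;

    // Guard the division: an empty catalogue is reported as 0% translated.
    $percent = (0 == $number) ? 0 : $number_translated / $number * 100;
    echo '<div class="translation_info">' . sprintf(__('Translated <span class="translated">%1$d</span> strings out of <span class="total">%2$d</span> <span class="percent">(%3$.2f%%)</span>', 'mythemeshop'), $number_translated, $number, $percent) . '</div>';
    $this->mts_translation_pagination($number, $strings_per_page, $page);
    exit; // required for AJAX in WP
}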
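/**
 * Build the <url> tag for a given URL.
 *
 * Text written into the <loc> and <changefreq> elements is entity-escaped
 * (without double-encoding) so a location containing "&" or quotes still
 * produces well-formed XML. Missing 'loc'/'chf'/'pri' keys yield empty
 * elements instead of undefined-index notices.
 *
 * @param array $url Array of parts that make up this entry:
 *                   'loc' (URL), 'chf' (change frequency), 'pri' (priority; a
 *                   decimal comma is normalised to a point), optional 'mod'
 *                   (MySQL datetime) and optional 'images' (list of arrays
 *                   with 'src' and optional 'title'/'alt').
 * @return string
 */
function sitemap_url($url) {
    if (isset($url['mod'])) {
        $date = mysql2date("Y-m-d\\TH:i:s+00:00", $url['mod']);
    } else {
        // No modification date known: fall back to "now" in ISO 8601.
        $date = date('c');
    }

    $loc = isset($url['loc']) ? $url['loc'] : '';
    $chf = isset($url['chf']) ? $url['chf'] : '';
    $pri = isset($url['pri']) ? str_replace(',', '.', $url['pri']) : '';

    $output = "\t<url>\n";
    // "&" in a query string would otherwise break the XML; double_encode=false
    // leaves an already-escaped "&amp;" intact. ENT_SUBSTITUTE keeps invalid
    // UTF-8 from turning the whole value into an empty string.
    $output .= "\t\t<loc>" . htmlspecialchars($loc, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false) . "</loc>\n";
    $output .= "\t\t<lastmod>" . $date . "</lastmod>\n";
    $output .= "\t\t<changefreq>" . htmlspecialchars($chf, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false) . "</changefreq>\n";
    $output .= "\t\t<priority>" . $pri . "</priority>\n";

    if (!empty($url['images']) && is_array($url['images'])) {
        foreach ($url['images'] as $img) {
            if (empty($img['src'])) {
                continue;
            }
            $output .= "\t\t<image:image>\n";
            $output .= "\t\t\t<image:loc>" . esc_html($img['src']) . "</image:loc>\n";
            if (!empty($img['title'])) {
                // Decode stored entities first so they are not encoded a second time.
                $output .= "\t\t\t<image:title>" . _wp_specialchars(html_entity_decode($img['title'], ENT_QUOTES, get_bloginfo('charset'))) . "</image:title>\n";
            }
            if (!empty($img['alt'])) {
                $output .= "\t\t\t<image:caption>" . _wp_specialchars(html_entity_decode($img['alt'], ENT_QUOTES, get_bloginfo('charset'))) . "</image:caption>\n";
            }
            $output .= "\t\t</image:image>\n";
        }
    }

    $output .= "\t</url>\n";
    return $output;
}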
// This is nice to have, but not strictly necessary since we use _wp_specialchars() below $extra = json_encode($this->get_container_extra_data(), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); } else { $extra = json_encode($this->get_container_extra_data()); } ?> <div class="tiled-gallery type-<?php echo $this->type; ?> tiled-gallery-unresized" data-original-width="<?php echo esc_attr(Jetpack_Tiled_Gallery::get_content_width()); ?> " <?php if (isset($extra)) { ?> data-carousel-extra='<?php echo _wp_specialchars(wp_check_invalid_utf8($extra), ENT_QUOTES, false, true); ?> ' <?php } ?> > <?php $this->template("{$this->type}-layout", $context); ?> </div>
/**
 * Escape a value for use inside a shortcode attribute.
 *
 * Strips tags, entity-encodes (double-encoding, quotes included), drops the
 * "]" that would close the shortcode, maps "%" and "&" to "%25"/"%26" and
 * finally adds slashes because the shortcode parser strips them again.
 * Arrays are escaped element by element.
 *
 * @param string|array $value Raw attribute value(s)
 * @return string|array Escaped value, or an array of escaped values
 */
function esc_attr($value) {
    // Arrays are handled recursively through this same method.
    if (is_array($value)) {
        return array_map(array($this, 'esc_attr'), $value);
    }

    $escaped = Grunion_Contact_Form_Plugin::strip_tags($value);
    $escaped = _wp_specialchars($escaped, ENT_QUOTES, false, true);

    // Shortcode attributes can't contain "]", so it is dropped outright.
    $escaped = str_replace(']', '', $escaped);
    // NOTE(review): both arguments read as a plain comma in this listing, which makes the
    // call a no-op; confirm the encoded replacement the comment describes did not get
    // decoded when the listing was extracted.
    $escaped = str_replace(',', ',', $escaped); // store commas encoded
    $escaped = strtr($escaped, array('%' => '%25', '&' => '%26'));

    // shortcode_parse_atts() does stripcslashes()
    return addslashes($escaped);
}
<?php } else { ?> <div class="formcontainer"> <form id="commentform" action="<?php echo get_option('siteurl'); ?> /wp-comments-post.php" method="post"> <?php if ($user_ID) { ?> <div id="loggedin"><?php printf(__('Logged in as <a href="%1$s" title="View your profile" class="fn">%2$s</a>. <a href="%3$s" title="Log out of this account">Log out?</a>', 'barthelme'), get_option('siteurl') . '/wp-admin/profile.php', _wp_specialchars($user_identity, true), get_option('siteurl') . '/wp-login.php?action=logout&redirect_to=' . get_permalink()); ?> </div> <?php } else { ?> <div id="comment-notes"><?php _e('Your email is <em>never</em> published nor shared.', 'barthelme'); ?> <?php if ($req) { _e('Required fields are marked <span class="req-field">*</span>', 'barthelme'); } ?>