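/**
 * Handles a submission of the media upload form.
 *
 * Saves the per-attachment edits found in $_POST['attachments'] and, when
 * $_POST['send'] names an attachment, builds the HTML for it and hands that
 * to media_send_to_editor().
 *
 * check_admin_referer('media-form') runs before any request data is read.
 * An attachment is only modified when the current user holds the edit_post
 * capability of its post type for that attachment ID.
 *
 * @since 2.5.0
 *
 * @return mixed Null, or an array of errors keyed by attachment ID, when
 *               nothing is sent to the editor; otherwise the return value of
 *               media_send_to_editor(). Gallery insert/update submissions
 *               print a script block and exit instead of returning.
 */
function media_upload_form_handler() {
    check_admin_referer('media-form');

    $errors = null;

    // The attachment to send is the first key of $_POST['send']. Only the
    // array form is accepted; a scalar would make array_keys() fail.
    if (isset($_POST['send']) && is_array($_POST['send'])) {
        $keys = array_keys($_POST['send']);
        $send_id = (int) array_shift($keys);
    }

    if (!empty($_POST['attachments']) && is_array($_POST['attachments'])) {
        foreach ($_POST['attachments'] as $attachment_id => $attachment) {
            if (!is_array($attachment)) {
                continue;
            }

            $post = $_post = get_post($attachment_id, ARRAY_A);

            // Attachment IDs are request keys. Skip IDs that do not resolve to
            // a post or to a known post type rather than dereferencing null in
            // the capability check below.
            if (empty($post) || !isset($post['post_type'])) {
                continue;
            }
            $post_type_object = get_post_type_object($post['post_type']);
            if (!$post_type_object || !isset($post_type_object->cap->edit_post)) {
                continue;
            }

            // Authorization is per attachment: one form can carry many IDs.
            if (!current_user_can($post_type_object->cap->edit_post, $attachment_id)) {
                continue;
            }

            // Copy over only the fields this form is allowed to change.
            foreach (array('post_content', 'post_title', 'post_excerpt', 'menu_order') as $field) {
                if (isset($attachment[$field])) {
                    $post[$field] = $attachment[$field];
                }
            }

            // The parent is only reassigned for the attachment being sent.
            if (isset($send_id) && $attachment_id == $send_id) {
                if (isset($attachment['post_parent'])) {
                    $post['post_parent'] = $attachment['post_parent'];
                }
            }

            $post = apply_filters('attachment_fields_to_save', $post, $attachment);

            if (isset($attachment['image_alt'])) {
                $image_alt = get_post_meta($attachment_id, '_nxt_attachment_image_alt', true);
                if ($image_alt != stripslashes($attachment['image_alt'])) {
                    $image_alt = nxt_strip_all_tags(stripslashes($attachment['image_alt']), true);
                    // update_meta expects slashed
                    update_post_meta($attachment_id, '_nxt_attachment_image_alt', addslashes($image_alt));
                }
            }

            // Filters may report problems through $post['errors']; collect them
            // and keep the key out of the data passed to nxt_update_post().
            if (isset($post['errors'])) {
                $errors[$attachment_id] = $post['errors'];
                unset($post['errors']);
            }

            if ($post != $_post) {
                nxt_update_post($post);
            }

            foreach (get_attachment_taxonomies($post) as $t) {
                if (isset($attachment[$t])) {
                    nxt_set_object_terms($attachment_id, array_map('trim', preg_split('/,+/', $attachment[$t])), $t, false);
                }
            }
        }
    }

    if (isset($_POST['insert-gallery']) || isset($_POST['update-gallery'])) {
        ?>
        <script type="text/javascript">
        /* <![CDATA[ */
        var win = window.dialogArguments || opener || parent || top;
        win.tb_remove();
        /* ]]> */
        </script>
        <?php
        exit;
    }

    if (isset($send_id)) {
        // 'send' can name an ID that has no matching 'attachments' entry.
        $attachment = array();
        if (isset($_POST['attachments'][$send_id]) && is_array($_POST['attachments'][$send_id])) {
            $attachment = stripslashes_deep($_POST['attachments'][$send_id]);
        }

        // NOTE(review): the title is used as link text without escaping here;
        // whether it is filtered later depends on media_send_to_editor() and
        // the editor's save path. Confirm.
        $html = isset($attachment['post_title']) ? $attachment['post_title'] : '';

        if (!empty($attachment['url']) && is_string($attachment['url'])) {
            $rel = '';
            if (strpos($attachment['url'], 'attachment_id') || get_attachment_link($send_id) == $attachment['url']) {
                $rel = " rel='attachment nxt-att-" . esc_attr($send_id) . "'";
            }
            // The URL is request data placed inside a single-quoted attribute.
            // Escape it so a quote in the value cannot terminate the attribute.
            $html = "<a href='" . esc_url($attachment['url']) . "'{$rel}>{$html}</a>";
        }

        $html = apply_filters('media_send_to_editor', $html, $send_id, $attachment);

        return media_send_to_editor($html);
    }

    return $errors;
}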
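/**
 * Sanitize a string from user input or from the db.
 *
 * Steps, in order:
 *  - check for invalid UTF-8,
 *  - convert single < characters to entities,
 *  - strip all tags,
 *  - remove line breaks, tabs and extra white space,
 *  - strip percent-encoded octets (%XX).
 *
 * Arrays, and objects that cannot be cast to a string, are not text and are
 * reduced to an empty string before the filter runs.
 *
 * This function itself does not encode quotes or ampersands. The result is
 * cleaned plain text, so it should still be escaped for the context it is
 * written into.
 *
 * @since 2.9
 *
 * @param string $str Raw value to sanitize.
 * @return string The sanitized value after the 'sanitize_text_field' filter.
 */
function sanitize_text_field($str) {
    // Request parameters can arrive as arrays (name[]=value). Casting those to
    // a string would yield a meaningless value, so treat them as empty text.
    if (is_array($str) || (is_object($str) && !method_exists($str, '__toString'))) {
        return apply_filters('sanitize_text_field', '', $str);
    }

    $filtered = nxt_check_invalid_utf8($str);

    if (strpos($filtered, '<') !== false) {
        $filtered = nxt_pre_kses_less_than($filtered);
        // This will strip extra whitespace for us.
        $filtered = nxt_strip_all_tags($filtered, true);
    } else {
        $filtered = trim(preg_replace('/[\\r\\n\\t ]+/', ' ', $filtered));
    }

    // Remove %XX octets one match at a time. The loop is required: deleting
    // one octet can join its neighbours into a new one (e.g. "%2%200"), and
    // a single pass would leave that behind.
    $match = array();
    $found = false;
    while (preg_match('/%[a-f0-9]{2}/i', $filtered, $match)) {
        $filtered = str_replace($match[0], '', $filtered);
        $found = true;
    }

    if ($found) {
        // Strip out the whitespace that may now exist after removing the octets.
        $filtered = trim(preg_replace('/ +/', ' ', $filtered));
    }

    return apply_filters('sanitize_text_field', $filtered, $str);
}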