Exemple #1
0
     $newcontent = stripslashes($_POST['newcontent']);
     $theme = urlencode($theme);
     if (is_writeable($file)) {
         //is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable
         $f = fopen($file, 'w+');
         if ($f !== FALSE) {
             fwrite($f, $newcontent);
             fclose($f);
             $location = "theme-editor.php?file={$file}&theme={$theme}&a=te&scrollto={$scrollto}";
         } else {
             $location = "theme-editor.php?file={$file}&theme={$theme}&scrollto={$scrollto}";
         }
     } else {
         $location = "theme-editor.php?file={$file}&theme={$theme}&scrollto={$scrollto}";
     }
     $location = nxt_kses_no_null($location);
     $strip = array('%0d', '%0a', '%0D', '%0A');
     $location = _deep_replace($strip, $location);
     header("Location: {$location}");
     exit;
     break;
 default:
     require_once ABSPATH . 'nxt-admin/admin-header.php';
     update_recently_edited($file);
     if (!is_file($file)) {
         $error = 1;
     }
     $content = '';
     if (!$error && filesize($file) > 0) {
         $f = fopen($file, 'r');
         $content = fread($f, filesize($file));
/**
 * Inline CSS filter
 *
 * @since 2.8.1
 */
function safecss_filter_attr($css, $deprecated = '')
{
    if (!empty($deprecated)) {
        _deprecated_argument(__FUNCTION__, '2.8.1');
    }
    // Never implemented
    $css = nxt_kses_no_null($css);
    $css = str_replace(array("\n", "\r", "\t"), '', $css);
    if (preg_match('%[\\(&=}]|/\\*%', $css)) {
        // remove any inline css containing \ ( & } = or comments
        return '';
    }
    $css_array = explode(';', trim($css));
    $allowed_attr = apply_filters('safe_style_css', array('text-align', 'margin', 'color', 'float', 'border', 'background', 'background-color', 'border-bottom', 'border-bottom-color', 'border-bottom-style', 'border-bottom-width', 'border-collapse', 'border-color', 'border-left', 'border-left-color', 'border-left-style', 'border-left-width', 'border-right', 'border-right-color', 'border-right-style', 'border-right-width', 'border-spacing', 'border-style', 'border-top', 'border-top-color', 'border-top-style', 'border-top-width', 'border-width', 'caption-side', 'clear', 'cursor', 'direction', 'font', 'font-family', 'font-size', 'font-style', 'font-variant', 'font-weight', 'height', 'letter-spacing', 'line-height', 'margin-bottom', 'margin-left', 'margin-right', 'margin-top', 'overflow', 'padding', 'padding-bottom', 'padding-left', 'padding-right', 'padding-top', 'text-decoration', 'text-indent', 'vertical-align', 'width'));
    if (empty($allowed_attr)) {
        return $css;
    }
    $css = '';
    foreach ($css_array as $css_item) {
        if ($css_item == '') {
            continue;
        }
        $css_item = trim($css_item);
        $found = false;
        if (strpos($css_item, ':') === false) {
            $found = true;
        } else {
            $parts = split(':', $css_item);
            if (in_array(trim($parts[0]), $allowed_attr)) {
                $found = true;
            }
        }
        if ($found) {
            if ($css != '') {
                $css .= ';';
            }
            $css .= $css_item;
        }
    }
    return $css;
}
 /**
  * Sanitizes a URL for use in a redirect.
  *
  * @since 2.3
  *
  * @return string redirect-sanitized URL
  **/
 function nxt_sanitize_redirect($location)
 {
     $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!]|i', '', $location);
     $location = nxt_kses_no_null($location);
     // remove %0d and %0a from location
     $strip = array('%0d', '%0a');
     $found = true;
     while ($found) {
         $found = false;
         foreach ((array) $strip as $val) {
             while (strpos($location, $val) !== false) {
                 $found = true;
                 $location = str_replace($val, '', $location);
             }
         }
     }
     return $location;
 }
Exemple #4
0
/**
 * Retrieve the post content.
 *
 * @since 0.71
 *
 * @param string $more_link_text Optional. Content for when there is more text.
 * @param bool $stripteaser Optional. Strip teaser content before the more text. Default is false.
 * @return string
 */
function get_the_content($more_link_text = null, $stripteaser = false)
{
    global $post, $more, $page, $pages, $multipage, $preview;
    if (null === $more_link_text) {
        $more_link_text = __('(more...)');
    }
    $output = '';
    $hasTeaser = false;
    // If post password required and it doesn't match the cookie.
    if (post_password_required($post)) {
        $output = get_the_password_form();
        return $output;
    }
    if ($page > count($pages)) {
        // if the requested page doesn't exist
        $page = count($pages);
    }
    // give them the highest numbered page that DOES exist
    $content = $pages[$page - 1];
    if (preg_match('/<!--more(.*?)?-->/', $content, $matches)) {
        $content = explode($matches[0], $content, 2);
        if (!empty($matches[1]) && !empty($more_link_text)) {
            $more_link_text = strip_tags(nxt_kses_no_null(trim($matches[1])));
        }
        $hasTeaser = true;
    } else {
        $content = array($content);
    }
    if (false !== strpos($post->post_content, '<!--noteaser-->') && (!$multipage || $page == 1)) {
        $stripteaser = true;
    }
    $teaser = $content[0];
    if ($more && $stripteaser && $hasTeaser) {
        $teaser = '';
    }
    $output .= $teaser;
    if (count($content) > 1) {
        if ($more) {
            $output .= '<span id="more-' . $post->ID . '"></span>' . $content[1];
        } else {
            if (!empty($more_link_text)) {
                $output .= apply_filters('the_content_more_link', ' <a href="' . get_permalink() . "#more-{$post->ID}\" class=\"more-link\">{$more_link_text}</a>", $more_link_text);
            }
            $output = force_balance_tags($output);
        }
    }
    if ($preview) {
        // preview fix for javascript bug with foreign languages
        $output = preg_replace_callback('/\\%u([0-9A-F]{4})/', '_convert_urlencoded_to_entities', $output);
    }
    return $output;
}
function bb_fix_link($link)
{
    if (false === strpos($link, '.')) {
        // these are usually random words
        return '';
    }
    $link = nxt_kses_no_null($link);
    return esc_url($link);
}
Exemple #6
0
 /**
  * Sanitizes a URL for use in a redirect.
  *
  * @since 2.3
  *
  * @return string redirect-sanitized URL
  **/
 function nxt_sanitize_redirect($location)
 {
     $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!]|i', '', $location);
     $location = nxt_kses_no_null($location);
     // remove %0d and %0a from location
     $strip = array('%0d', '%0a', '%0D', '%0A');
     $location = _deep_replace($strip, $location);
     return $location;
 }