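/**
 * Boot the custom CSS feature.
 *
 * In order, this function:
 *  - registers the 'safecss' post type (revisions only);
 *  - serves the stylesheet and ends the request when ?custom-css is present;
 *  - runs migrate() on the 'editcss' admin page;
 *  - hooks safecss_style() into wp_head;
 *  - for users who can 'switch_themes' (or super admins) adds the admin menu and
 *    handles the editor form post: the submitted CSS is stripped of markup, run
 *    through csstidy and stored as a preview or as a saved revision;
 *  - starts output buffering through safecss_buffer() while a preview is active.
 *
 * Ends the request (exit) after printing the stylesheet and after the preview
 * redirect. A failed nonce check in check_admin_referer() also stops the request.
 */
function safecss_init() {
    // Register safecss as a custom post_type
    register_post_type('safecss', array('supports' => array('revisions')));

    // Short-circuit WP if this is a CSS stylesheet request
    if (isset($_GET['custom-css'])) {
        header('Content-Type: text/css', true, 200);
        header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 31536000) . ' GMT'); // 1 year

        // The is_int($_GET['csblog']) branch that stood here could never run:
        // query-string values arrive as strings, so is_int() was always false and
        // reading the key raised a notice when it was absent. It is dropped rather
        // than made reachable, since that would let the request itself choose
        // which blog's options get loaded.
        safecss_print();
        exit;
    }

    // Do migration routine if necessary.
    // NOTE(review): this runs before the capability check below, and is_admin()
    // only reports that an admin screen was requested, not who requested it.
    // Confirm migrate() is safe to trigger from any such request.
    if (isset($_GET['page']) && 'editcss' === $_GET['page'] && is_admin()) {
        migrate();
    }

    add_action('wp_head', 'safecss_style', 101);

    // Capability gate: nothing below runs for users who may not manage the theme.
    if (!current_user_can('switch_themes') && !is_super_admin()) {
        return;
    }

    add_action('admin_menu', 'safecss_menu');

    if (isset($_POST['safecss']) && false === strpos($_SERVER['REQUEST_URI'], 'options.php')) {
        // CSRF guard: the request stops here unless a valid 'safecss' nonce was sent.
        check_admin_referer('safecss');

        // Remove wp_filter_post_kses, this causes CSS escaping issues.
        // remove_all_filters() then clears every other content_save_pre callback
        // for this request, so the clean-up below is what stands between the
        // submitted text and save_revision().
        remove_filter('content_save_pre', 'wp_filter_post_kses');
        remove_filter('content_filtered_save_pre', 'wp_filter_post_kses');
        remove_all_filters('content_save_pre');

        safecss_class();
        $csstidy = new csstidy();
        $csstidy->optimise = new safecss($csstidy);
        $csstidy->set_cfg('remove_bslash', false);
        $csstidy->set_cfg('compress_colors', false);
        $csstidy->set_cfg('compress_font-weight', false);
        $csstidy->set_cfg('discard_invalid_properties', true);
        $csstidy->set_cfg('merge_selectors', false);

        // Diagnostics only; nothing in this function reads the list afterwards.
        $warnings = array();

        $css = stripslashes($_POST['safecss']);

        // Double the backslash in front of four-hex-digit escapes.
        $prev = $css;
        $css = preg_replace('/\\\\([0-9a-fA-F]{4})/', '\\\\\\\\$1', $prev);
        if ($css !== $prev) {
            $warnings[] = 'preg_replace found stuff';
        }

        // Some people put weird stuff in their CSS, KSES tends to be greedy:
        // encode the '<' of '<=' so it is not taken for the start of a tag.
        // Both replacements must use the entity form; written with the entity
        // decoded they replace a string with itself and do nothing.
        $css = str_replace('<=', '&lt;=', $css);

        // Why KSES instead of strip_tags? Who knows?
        $prev = $css;
        $css = wp_kses_split($prev, array(), array());
        $css = str_replace('&gt;', '>', $css); // kses replaces lone '>' with &gt;

        // Why both KSES and strip_tags? Because we just added some '>'.
        $css = strip_tags($css);
        if ($css !== $prev) {
            $warnings[] = 'kses found stuff';
        }

        $csstidy->parse($css);
        $css = $csstidy->print->plain();

        // Optional form fields: read them only when present so a partial post
        // does not raise undefined-index notices.
        $custom_content_width = false;
        if (isset($_POST['custom_content_width']) && intval($_POST['custom_content_width']) > 0) {
            $custom_content_width = intval($_POST['custom_content_width']);
        }

        $add_to_existing = 'no';
        if (isset($_POST['add_to_existing']) && 'true' === $_POST['add_to_existing']) {
            $add_to_existing = 'yes';
        }

        $action = isset($_POST['action']) ? $_POST['action'] : '';

        if ('preview' === $action || safecss_is_freetrial()) {
            // Save the CSS as a preview
            save_revision($css, true);

            // Cache Buster
            update_option('safecss_preview_rev', intval(get_option('safecss_preview_rev')) + 1);
            update_option('safecss_preview_add', $add_to_existing);
            update_option('safecss_preview_content_width', $custom_content_width);

            // wp_safe_redirect() only follows targets on an allowed host.
            wp_safe_redirect(add_query_arg('csspreview', 'true', get_option('home')));
            exit;
        }

        // Save the CSS
        save_revision($css);
        update_option('safecss_rev', intval(get_option('safecss_rev')) + 1);
        update_option('safecss_add', $add_to_existing);
        update_option('safecss_content_width', $custom_content_width);
        add_action('admin_notices', 'safecss_saved');
    }

    // Modify all internal links so that preview state persists
    if (safecss_is_preview()) {
        ob_start('safecss_buffer');
    }
}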
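/**
 * Boot the custom CSS feature.
 *
 * In order, this function:
 *  - defines SAFECSS_USE_ACE from the device checks and the 'safecss_use_ace' filter;
 *  - registers the 'safecss' post type with its capabilities mapped to
 *    'edit_theme_options' / 'read';
 *  - serves the stylesheet and ends the request when ?custom-css is present;
 *  - runs migrate() and fires 'safecss_migrate_post' on the 'editcss' admin page;
 *  - hooks safecss_style() into wp_head;
 *  - for users who can 'switch_themes' (or super admins) adds the admin menu and
 *    handles the editor form post: the submitted CSS is stripped of markup, run
 *    through csstidy and stored as a preview and/or a saved revision;
 *  - starts output buffering through safecss_buffer() while a preview is active.
 *
 * Actions fired while saving: 'safecss_save_pre', 'safecss_parse_pre',
 * 'safecss_parse_post', 'safecss_save_preview_post'.
 *
 * Ends the request (exit) after printing the stylesheet and after the preview
 * redirect. A failed nonce check in check_admin_referer() also stops the request.
 */
function safecss_init() {
    define(
        'SAFECSS_USE_ACE',
        !jetpack_is_mobile() && !Jetpack_User_Agent_Info::is_ipad() && apply_filters('safecss_use_ace', true)
    );

    // Register safecss as a custom post_type.
    // The posts are manipulated in code via an options page, so explicit
    // capabilities are largely unnecessary, but managing CSS revisions does
    // check them; map them so the proper caps are enforced there.
    register_post_type('safecss', array(
        'supports' => array('revisions'),
        'label' => 'Custom CSS',
        'can_export' => false,
        'rewrite' => false,
        'capabilities' => array(
            'edit_post' => 'edit_theme_options',
            'read_post' => 'read',
            'delete_post' => 'edit_theme_options',
            'edit_posts' => 'edit_theme_options',
            'edit_others_posts' => 'edit_theme_options',
            'publish_posts' => 'edit_theme_options',
            'read_private_posts' => 'read',
        ),
    ));

    // Short-circuit WP if this is a CSS stylesheet request
    if (isset($_GET['custom-css'])) {
        header('Content-Type: text/css', true, 200);
        header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 31536000) . ' GMT'); // 1 year
        safecss_print();
        exit;
    }

    // NOTE(review): this runs before the capability check below, and is_admin()
    // only reports that an admin screen was requested, not who requested it.
    // Confirm migrate() and the 'safecss_migrate_post' listeners are safe to
    // trigger from any such request.
    if (isset($_GET['page']) && 'editcss' === $_GET['page'] && is_admin()) {
        // Do migration routine if necessary
        migrate();
        do_action('safecss_migrate_post');
    }

    add_action('wp_head', 'safecss_style', 101);

    // Capability gate: nothing below runs for users who may not manage the theme.
    if (!current_user_can('switch_themes') && !is_super_admin()) {
        return;
    }

    add_action('admin_menu', 'safecss_menu');

    if (isset($_POST['safecss']) && false === strpos($_SERVER['REQUEST_URI'], 'options.php')) {
        // CSRF guard: the request stops here unless a valid 'safecss' nonce was sent.
        check_admin_referer('safecss');

        // Remove wp_filter_post_kses, this causes CSS escaping issues.
        // remove_all_filters() then clears every other content_save_pre callback
        // for this request, so the clean-up below is what stands between the
        // submitted text and save_revision().
        remove_filter('content_save_pre', 'wp_filter_post_kses');
        remove_filter('content_filtered_save_pre', 'wp_filter_post_kses');
        remove_all_filters('content_save_pre');

        do_action('safecss_save_pre');

        $warnings = array();

        safecss_class();
        $csstidy = new csstidy();
        $csstidy->optimise = new safecss($csstidy);
        $csstidy->set_cfg('remove_bslash', false);
        $csstidy->set_cfg('compress_colors', false);
        $csstidy->set_cfg('compress_font-weight', false);
        $csstidy->set_cfg('optimise_shorthands', 0);
        $csstidy->set_cfg('remove_last_;', false);
        $csstidy->set_cfg('case_properties', false);
        $csstidy->set_cfg('discard_invalid_properties', true);
        $csstidy->set_cfg('css_level', 'CSS3.0');
        $csstidy->set_cfg('preserve_css', true);
        $csstidy->set_cfg('template', dirname(__FILE__) . '/csstidy/wordpress-standard.tpl');

        $css = stripslashes($_POST['safecss']);

        // Double the backslash in front of four-hex-digit escapes.
        $prev = $css;
        $css = preg_replace('/\\\\([0-9a-fA-F]{4})/', '\\\\\\\\$1', $prev);
        if ($css !== $prev) {
            $warnings[] = 'preg_replace found stuff';
        }

        // Some people put weird stuff in their CSS, KSES tends to be greedy:
        // encode the '<' of '<=' so it is not taken for the start of a tag.
        // Both replacements must use the entity form; written with the entity
        // decoded they replace a string with itself and do nothing.
        $css = str_replace('<=', '&lt;=', $css);

        // Why KSES instead of strip_tags? Who knows?
        $prev = $css;
        $css = wp_kses_split($prev, array(), array());
        $css = str_replace('&gt;', '>', $css); // kses replaces lone '>' with &gt;

        // Why both KSES and strip_tags? Because we just added some '>'.
        $css = strip_tags($css);
        if ($css !== $prev) {
            $warnings[] = 'kses found stuff';
        }

        do_action('safecss_parse_pre', $csstidy, $css);
        $csstidy->parse($css);
        do_action('safecss_parse_post', $csstidy, $warnings);
        $css = $csstidy->print->plain();

        // Optional form fields: read them only when present so a partial post
        // does not raise undefined-index notices.
        $custom_content_width = false;
        if (isset($_POST['custom_content_width']) && intval($_POST['custom_content_width']) > 0) {
            $custom_content_width = intval($_POST['custom_content_width']);
        }

        $add_to_existing = 'no';
        if (isset($_POST['add_to_existing']) && 'true' === $_POST['add_to_existing']) {
            $add_to_existing = 'yes';
        }

        $action = isset($_POST['action']) ? $_POST['action'] : '';

        if ('preview' === $action || safecss_is_freetrial()) {
            // Save the CSS as a preview revision
            $safecss_revision_id = save_revision($css, true);

            // Cache Buster
            update_option('safecss_preview_rev', intval(get_option('safecss_preview_rev')) + 1);
            update_metadata('post', $safecss_revision_id, 'custom_css_add', $add_to_existing);
            update_metadata('post', $safecss_revision_id, 'content_width', $custom_content_width);

            if ('preview' === $action) {
                wp_safe_redirect(add_query_arg('csspreview', 'true', get_option('home')));
                exit;
            }

            // NOTE(review): when safecss_is_freetrial() is true and the action
            // is not 'preview', execution continues into the permanent save
            // below. Confirm that is intended.
            do_action('safecss_save_preview_post');
        }

        // Save the CSS
        $safecss_post_id = save_revision($css);
        $safecss_post_revision = get_current_revision();

        update_option('safecss_rev', intval(get_option('safecss_rev')) + 1);
        update_post_meta($safecss_post_id, 'custom_css_add', $add_to_existing);
        update_post_meta($safecss_post_id, 'content_width', $custom_content_width);

        // get_current_revision() is defined elsewhere; write the revision's meta
        // only when it actually handed back an ID.
        if (!empty($safecss_post_revision['ID'])) {
            update_metadata('post', $safecss_post_revision['ID'], 'custom_css_add', $add_to_existing);
            update_metadata('post', $safecss_post_revision['ID'], 'content_width', $custom_content_width);
        }

        add_action('admin_notices', 'safecss_saved');
    }

    // Modify all internal links so that preview state persists
    if (safecss_is_preview()) {
        ob_start('safecss_buffer');
    }
}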