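/**
 * Sanitises a fragment of XML code.
 *
 * Runs the standard kses pre-processing (null-byte removal, JavaScript entity
 * removal, entity normalisation) and then hands every tag to kses_split().
 *
 * @since 1.4
 *
 * @param string $xml Raw XML fragment.
 * @return string Sanitised XML fragment.
 */
public static function ksesXML($xml)
{
    $xml = wp_kses_no_null($xml);
    $xml = wp_kses_js_entities($xml);
    $xml = wp_kses_normalize_entities($xml);

    // self::class instead of the string 'self': callables built from the
    // literal 'self' are deprecated as of PHP 8.2.
    return preg_replace_callback(
        '%(<[^>]*(>|$)|>)%',
        array(self::class, 'kses_split'),
        $xml
    );
}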
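/**
 * Retrieve the post content (legacy version).
 *
 * Handles password-protected posts, paged content and the <!--more--> split,
 * building either the teaser plus a "more" link or the full page of content.
 *
 * @param string $more_link_text Text for the "more" link. A label inside the
 *                               more tag (<!--more label-->) overrides it.
 * @param int    $stripteaser    Non-zero to drop the teaser when the full post is shown.
 * @param string $more_file      Accepted for backward compatibility; not used.
 * @return string Content HTML, or the password form when the post is protected
 *                and the password cookie does not match.
 */
function get_the_content($more_link_text = '(more...)', $stripteaser = 0, $more_file = '')
{
    global $id, $post, $more, $page, $pages, $multipage, $preview;

    $output = '';

    if (!empty($post->post_password)) {
        // The cookie is untrusted input: read it defensively and compare in
        // constant time instead of with a loose `!=`.
        $cookie_name = 'wp-postpass_' . COOKIEHASH;
        $supplied = isset($_COOKIE[$cookie_name]) ? stripslashes($_COOKIE[$cookie_name]) : '';
        if (!hash_equals((string) $post->post_password, (string) $supplied)) {
            return get_the_password_form();
        }
    }

    // Clamp the requested page to the highest one that exists. $page is a
    // global, so the clamped value stays visible to callers as before.
    if ($page > count($pages)) {
        $page = count($pages);
    }
    $content = $pages[$page - 1];

    if (preg_match('/<!--more(.+?)?-->/', $content, $matches)) {
        $content = explode($matches[0], $content, 2);
        // A label inside the more tag replaces the default link text.
        if (!empty($matches[1]) && !empty($more_link_text)) {
            $more_link_text = strip_tags(wp_kses_no_null(trim($matches[1])));
        }
    } else {
        $content = array($content);
    }

    if (false !== strpos($post->post_content, '<!--noteaser-->') && (!$multipage || $page == 1)) {
        $stripteaser = 1;
    }

    $teaser = $content[0];
    if ($more && $stripteaser) {
        $teaser = '';
    }
    $output .= $teaser;

    if (count($content) > 1) {
        if ($more) {
            $output .= '<a id="more-' . $id . '"></a>' . $content[1];
        } else {
            $output = balanceTags($output);
            if (!empty($more_link_text)) {
                $output .= ' <a href="' . get_permalink() . "#more-{$id}\" class=\"more-link\">{$more_link_text}</a>";
            }
        }
    }

    if ($preview) {
        // Preview fix for a JavaScript bug with foreign languages: turn %uXXXX
        // escapes into numeric entities. The callback replaces the /e modifier,
        // which was removed in PHP 7.0.
        $output = preg_replace_callback(
            '/\\%u([0-9A-F]{4})/',
            function ($m) {
                return '&#' . base_convert($m[1], 16, 10) . ';';
            },
            $output
        );
    }

    return $output;
}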
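/**
 * Supply a fallback "more" link text from the post body.
 *
 * When the stored meta value is empty, looks for a label inside the post's
 * <!--more label--> tag and returns it with tags and null bytes stripped;
 * a non-empty stored value is returned unchanged.
 *
 * @param string|null $value Stored meta value.
 * @param string      $key   Meta key (unused; kept for the filter signature).
 * @param object      $post  Post object providing post_content.
 * @return string|null The stored value, or the label found in the post body.
 */
function get_morelinktext_postmeta($value, $key, $post)
{
    // (string) cast: strlen(null) is deprecated as of PHP 8.1.
    if ('' !== (string) $value) {
        return $value;
    }

    // Import any custom anchor from the post itself.
    $matches = array();
    if (preg_match('/<!--more(.*?)?-->/', (string) $post->post_content, $matches) && !empty($matches[1])) {
        return strip_tags(wp_kses_no_null(trim($matches[1])));
    }

    return $value;
}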
/**
 * Recursively sanitise posted data.
 *
 * Strings are checked for invalid UTF-8 and stripped of null bytes; arrays
 * are walked element by element; every other type is returned untouched.
 *
 * @param mixed $value Submitted value (scalar, array or nested array).
 * @return mixed Sanitised value with the same shape as the input.
 */
private function sanitize_posted_data($value)
{
    if (is_string($value)) {
        return wp_kses_no_null(wp_check_invalid_utf8($value));
    }

    if (is_array($value)) {
        return array_map(array($this, 'sanitize_posted_data'), $value);
    }

    return $value;
}
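/**
 * Check one URL protocol against the allow-list.
 *
 * Entities are decoded and whitespace, null bytes and soft hyphens are removed
 * before the comparison, so encoded or padded spellings of a protocol are
 * judged on their decoded form.
 *
 * @param string $string            Candidate protocol (without the colon).
 * @param array  $allowed_protocols Allowed protocol names, compared case-insensitively.
 * @return string "protocol:" when allowed, empty string otherwise.
 */
function wp_kses_bad_protocol_once2($string, $allowed_protocols)
{
    $string2 = wp_kses_decode_entities($string);
    $string2 = preg_replace('/\s/', '', $string2);
    $string2 = wp_kses_no_null($string2);
    $string2 = preg_replace('/\xad+/', '', $string2); # deals with Opera "feature"
    $string2 = strtolower($string2);

    // Strict comparison: `==` between two numeric-looking strings compares
    // them as numbers, which an allow-list must not do.
    $allowed = in_array($string2, array_map('strtolower', (array) $allowed_protocols), true);

    return $allowed ? "$string2:" : '';
}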
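/**
 * Callback for wp_kses_bad_protocol_once() regular expression.
 *
 * Decodes entities and strips whitespace, null bytes and soft hyphens from the
 * candidate protocol, then checks it case-insensitively against the global
 * allow-list.
 *
 * @access private
 * @since 1.0.0
 *
 * @param mixed $matches string or preg_replace_callback() matches array to check for bad protocols
 * @return string Sanitized content: "protocol:" when allowed, empty string otherwise.
 */
function wp_kses_bad_protocol_once2($matches)
{
    global $_kses_allowed_protocols;

    if (is_array($matches)) {
        // empty() covers both a missing capture and an empty one.
        if (empty($matches[1])) {
            return '';
        }
        $string = $matches[1];
    } else {
        $string = $matches;
    }

    $string2 = wp_kses_decode_entities($string);
    $string2 = preg_replace('/\\s/', '', $string2);
    $string2 = wp_kses_no_null($string2);
    $string2 = preg_replace('/\\xad+/', '', $string2); # deals with Opera "feature"
    $string2 = strtolower($string2);

    // Strict comparison: `==` between two numeric-looking strings compares
    // them as numbers, which an allow-list must not do.
    $allowed = in_array($string2, array_map('strtolower', (array) $_kses_allowed_protocols), true);

    return $allowed ? "{$string2}:" : '';
}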
/**
 * Retrieve the post content.
 *
 * Splits the current page of content at the <!--more--> tag, returning either
 * the teaser followed by a "more" link, or the full content with an anchor
 * where the tag was.
 *
 * @since 0.71
 *
 * @param string $more_link_text Optional. Content for when there is more text.
 * @param bool   $stripteaser    Optional. Strip teaser content before the more text. Default is false.
 * @return string
 */
function get_the_content($more_link_text = null, $stripteaser = false)
{
    global $post, $more, $page, $pages, $multipage, $preview;

    if (null === $more_link_text) {
        $more_link_text = __('(more...)');
    }

    // Password-protected post whose cookie does not match: show the form instead.
    if (post_password_required($post)) {
        return get_the_password_form();
    }

    // Clamp to the highest existing page ($page is global, so callers see this).
    if ($page > count($pages)) {
        $page = count($pages);
    }
    $current = $pages[$page - 1];

    $found_more = (bool) preg_match('/<!--more(.*?)?-->/', $current, $matches);
    if ($found_more) {
        $parts = explode($matches[0], $current, 2);
        if (!empty($matches[1]) && !empty($more_link_text)) {
            // A label inside the more tag overrides the default link text.
            $more_link_text = strip_tags(wp_kses_no_null(trim($matches[1])));
        }
    } else {
        $parts = array($current);
    }

    $noteaser = false !== strpos($post->post_content, '<!--noteaser-->');
    if ($noteaser && (!$multipage || $page == 1)) {
        $stripteaser = true;
    }

    $output = '';
    if (!($more && $stripteaser && $found_more)) {
        $output .= $parts[0];
    }

    if (count($parts) > 1) {
        if ($more) {
            $output .= '<span id="more-' . $post->ID . '"></span>' . $parts[1];
        } else {
            if (!empty($more_link_text)) {
                $link = sprintf(' <a href="%s#more-%s" class="more-link">%s</a>', get_permalink(), $post->ID, $more_link_text);
                $output .= apply_filters('the_content_more_link', $link, $more_link_text);
            }
            $output = force_balance_tags($output);
        }
    }

    if ($preview) {
        // Preview fix for a JavaScript bug with foreign languages.
        $output = preg_replace_callback('/\\%u([0-9A-F]{4})/', '_convert_urlencoded_to_entities', $output);
    }

    return $output;
}
/**
 * Sanitizes a URL for use in a redirect.
 *
 * Valid UTF-8 sequences are handed to _wp_sanitize_utf8_in_redirect(), every
 * other character outside the allowed set is dropped, null bytes are removed
 * and percent-encoded CR/LF are stripped repeatedly.
 *
 * @since 2.3.0
 *
 * @param string $location URL to sanitize.
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $utf8_regex = '/
    (
        (?: [\\xC2-\\xDF][\\x80-\\xBF]        # double-byte sequences   110xxxxx 10xxxxxx
        |   \\xE0[\\xA0-\\xBF][\\x80-\\xBF]    # triple-byte sequences   1110xxxx 10xxxxxx * 2
        |   [\\xE1-\\xEC][\\x80-\\xBF]{2}
        |   \\xED[\\x80-\\x9F][\\x80-\\xBF]
        |   [\\xEE-\\xEF][\\x80-\\xBF]{2}
        |   \\xF0[\\x90-\\xBF][\\x80-\\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
        |   [\\xF1-\\xF3][\\x80-\\xBF]{3}
        |   \\xF4[\\x80-\\x8F][\\x80-\\xBF]{2}
        ){1,50}                                # ...one or more times
    )/x';

    $clean = preg_replace_callback($utf8_regex, '_wp_sanitize_utf8_in_redirect', $location);
    // Keep only characters that can legitimately appear in a URL.
    $clean = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\\[\\]()]|i', '', $clean);
    $clean = wp_kses_no_null($clean);

    // Remove %0d and %0a (either case) from location, repeatedly.
    $crlf = array('%0d', '%0a', '%0D', '%0A');

    return _deep_replace($crlf, $clean);
}
/**
 * Override this method to implement the appropriate sanitization specific to the field type before the value is saved.
 *
 * This base method provides a generic sanitization similar to wp_kses but values are not encoded.
 * Scripts are stripped out leaving allowed tags if HTML is allowed.
 *
 * @param string $value   The field value to be processed.
 * @param int    $form_id The ID of the form currently being processed.
 *
 * @return string
 */
public function sanitize_entry_value($value, $form_id)
{
    // Array values are not supported by the generic sanitizer.
    if (is_array($value)) {
        return '';
    }

    // Field types may allow HTML; the gform_allowable_tags filter has the last word.
    $allowable_tags = gf_apply_filters(
        array('gform_allowable_tags', $form_id),
        $this->allow_html(),
        $this,
        $form_id
    );
    if (true !== $allowable_tags) {
        $value = strip_tags($value, $allowable_tags);
    }

    // Run the kses pipeline without entity encoding.
    $protocols = wp_allowed_protocols();
    $clean = wp_kses_no_null($value, array('slash_zero' => 'keep'));
    $clean = wp_kses_hook($clean, 'post', $protocols);

    return wp_kses_split($clean, 'post', $protocols);
}
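/**
 * Retrieve the post content.
 *
 * @since 0.71
 *
 * @param string $more_link_text Optional. Content for when there is more text.
 * @param string $stripteaser    Optional. Teaser content before the more text.
 * @param string $more_file      Optional. Not used; accepted for backward compatibility.
 * @return string
 */
function get_the_content($more_link_text = null, $stripteaser = 0, $more_file = '')
{
    global $id, $post, $more, $page, $pages, $multipage, $preview;

    if (null === $more_link_text) {
        $more_link_text = __('(more...)');
    }

    $output = '';

    // If post password required and it doesn't match the cookie.
    if (post_password_required($post)) {
        return get_the_password_form();
    }

    // $more_file used to be copied into a local that nothing read; it is ignored.

    if ($page > count($pages)) { // if the requested page doesn't exist
        $page = count($pages);   // give them the highest numbered page that DOES exist
    }
    $content = $pages[$page - 1];

    if (preg_match('/<!--more(.*?)?-->/', $content, $matches)) {
        $content = explode($matches[0], $content, 2);
        // A label inside the more tag replaces the default link text.
        if (!empty($matches[1]) && !empty($more_link_text)) {
            $more_link_text = strip_tags(wp_kses_no_null(trim($matches[1])));
        }
    } else {
        $content = array($content);
    }

    if (false !== strpos($post->post_content, '<!--noteaser-->') && (!$multipage || $page == 1)) {
        $stripteaser = 1;
    }

    $teaser = $content[0];
    if ($more && $stripteaser) {
        $teaser = '';
    }
    $output .= $teaser;

    if (count($content) > 1) {
        if ($more) {
            $output .= '<span id="more-' . $id . '"></span>' . $content[1];
        } else {
            $output = balanceTags($output);
            if (!empty($more_link_text)) {
                $output .= ' <a href="' . get_permalink() . "#more-{$id}\" class=\"more-link\">{$more_link_text}</a>";
            }
        }
    }

    if ($preview) {
        // Preview fix for a JavaScript bug with foreign languages. A closure
        // replaces create_function(), which was removed in PHP 8.0.
        $output = preg_replace_callback(
            '/\\%u([0-9A-F]{4})/',
            function ($match) {
                return "&#" . base_convert($match[1], 16, 10) . ";";
            },
            $output
        );
    }

    return $output;
}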
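/**
 * Trim content at the <!--more--> tag and append a "continue reading" link.
 *
 * @param int         $id             Post ID used for the permalink and the fragment anchor.
 * @param string      $content        Post content, possibly containing <!--more--> / <!--noteaser-->.
 * @param string|null $more_link_text Link label; empty selects the localised "Continue reading" markup.
 * @return string Filtered content: the teaser plus link when a more tag exists, the input otherwise.
 */
function raindrops_add_more($id, $content, $more_link_text = null)
{
    $pre = apply_filters('raindrops_add_more_before', '');
    $after = apply_filters('raindrops_add_more_after', '');
    $html = ' <div class="raindrops-more-wrapper">' . $pre . '<a href="%1$s%2$s" class="poster-more-link">%3$s</a>' . $after . '</div>';

    if (empty($more_link_text)) {
        $raindrops_aria_hidden = raindrops_doctype_elements('', 'aria-hidden="true"', false);
        $more_link_text = esc_html__('Continue reading ', 'raindrops') . '<span class="meta-nav" ' . $raindrops_aria_hidden . '>→</span><span class="more-link-post-unique">' . esc_html__(' Post ID ', 'raindrops') . $id . '</span>';
    }

    // With <!--noteaser--> the link points at the post itself, not the anchor.
    $fragment_identifier = (false !== strpos($content, '<!--noteaser-->')) ? '' : '#more-' . $id;

    if (!preg_match('/<!--more(.*?)?-->/', $content, $matches)) {
        return apply_filters('raindrops_add_more', $content, false);
    }

    $parts = explode($matches[0], $content, 2);
    if (!empty($matches[1])) {
        // A label inside the more tag wins. The former esc_html() assignment was
        // always overwritten by this one, so it is gone. Tags and null bytes are
        // stripped because the label comes straight from post content.
        $more_link_text = strip_tags(wp_kses_no_null(trim($matches[1])));
    }

    $teaser = $parts[0];
    $teaser .= apply_filters('the_content_more_link', sprintf($html, get_permalink($id), $fragment_identifier, $more_link_text), $more_link_text);
    $teaser = force_balance_tags($teaser);

    return apply_filters('raindrops_add_more', $teaser, true);
}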
/**
 * Retrieve a post's content, split at the <!--more--> tag.
 *
 * Mirrors WordPress's get_the_content() but resolves the post from $q via
 * get_post() instead of relying on the global $post.
 *
 * @param mixed       $q              Post ID or object as accepted by get_post(); null for the current post.
 * @param string|null $more_link_text "More" link text; null selects the translated default.
 * @param bool        $strip_teaser   Drop the teaser when the full text is shown.
 * @return string Content HTML, or the password form for a protected post.
 */
function biznex_content($q = null, $more_link_text = null, $strip_teaser = false)
{
    global $page, $more, $preview, $pages, $multipage;

    $post = get_post($q);
    if (null === $more_link_text) {
        $more_link_text = __('(more…)');
    }

    if (post_password_required($post)) {
        return get_the_password_form($post);
    }

    // Clamp to the last existing page; $page is global so the clamp is visible outside.
    if ($page > count($pages)) {
        $page = count($pages);
    }
    $current = $pages[$page - 1];

    $has_teaser = false;
    if (preg_match('/<!--more(.*?)?-->/', $current, $matches)) {
        $parts = explode($matches[0], $current, 2);
        if (!empty($matches[1]) && !empty($more_link_text)) {
            // Label inside the more tag overrides the default link text.
            $more_link_text = strip_tags(wp_kses_no_null(trim($matches[1])));
        }
        $has_teaser = true;
    } else {
        $parts = array($current);
    }

    $has_noteaser = false !== strpos($post->post_content, '<!--noteaser-->');
    if ($has_noteaser && (!$multipage || $page == 1)) {
        $strip_teaser = true;
    }

    $output = '';
    if (!($more && $strip_teaser && $has_teaser)) {
        $output .= $parts[0];
    }

    if (count($parts) > 1) {
        if ($more) {
            $output .= '<span id="more-' . $post->ID . '"></span>' . $parts[1];
        } else {
            if (!empty($more_link_text)) {
                $link = sprintf(' <a href="%s#more-%s" class="more-link">%s</a>', get_permalink(), $post->ID, $more_link_text);
                $output .= apply_filters('the_content_more_link', $link, $more_link_text);
            }
            $output = force_balance_tags($output);
        }
    }

    if ($preview) {
        $output = preg_replace_callback('/\\%u([0-9A-F]{4})/', '_convert_urlencoded_to_entities', $output);
    }

    return $output;
}
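/**
 * Redirect to another page, after sanitizing the target URL.
 *
 * @param string $location Target URL; passed through the 'wp_redirect' filter first.
 * @param int    $status   HTTP status code for the redirect. Default 302.
 * @return false|void False when the filter cancels the redirect; otherwise headers are sent.
 */
function wp_redirect($location, $status = 302)
{
    global $is_IIS;

    $location = apply_filters('wp_redirect', $location, $status);
    if (!$location) { // allows the wp_redirect filter to cancel a redirect
        return false;
    }

    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location);
    $location = wp_kses_no_null($location);

    // Strip percent-encoded CR/LF in either case. Repeat until nothing changes:
    // a single str_replace() pass can leave behind an occurrence that is only
    // formed by the removal itself, and header() below must never see one.
    $strip = array('%0d', '%0a', '%0D', '%0A');
    do {
        $before = $location;
        $location = str_replace($strip, '', $location);
    } while ($before !== $location);

    if ($is_IIS) {
        header("Refresh: 0;url=$location");
    } else {
        if (php_sapi_name() !== 'cgi-fcgi') {
            status_header($status); // This causes problems on IIS and some FastCGI setups
        }
        header("Location: $location");
    }
}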
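/**
 * Check one URL protocol against an allow-list.
 *
 * Entities are decoded and whitespace and null bytes removed before the
 * comparison, so encoded or padded spellings are judged on their decoded form.
 *
 * @param string $string            Candidate protocol (without the colon).
 * @param array  $allowed_protocols Allowed protocol names, compared case-insensitively.
 * @return string "protocol:" when allowed, empty string otherwise.
 */
static function wp_kses_bad_protocol_once2($string, $allowed_protocols)
{
    $string2 = wp_kses_decode_entities($string);
    $string2 = preg_replace('/\\s/', '', $string2);
    $string2 = wp_kses_no_null($string2);
    $string2 = strtolower($string2);

    // Strict comparison: `==` between two numeric-looking strings compares
    // them as numbers, which an allow-list must not do.
    $allowed = in_array($string2, array_map('strtolower', (array) $allowed_protocols), true);

    return $allowed ? "{$string2}:" : '';
}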
echo get_the_post_thumbnail($item->ID, 'hotdaily-thumb'); ?> </div> <h2><?php echo $item->post_title; ?> </h2> <p class="txt"><?php // split content if too long $post_content = $item->post_content; $output = ''; $has_teaser = false; if (preg_match('/<!--more(.*?)?-->/', $post_content, $matches)) { $post_content = explode($matches[0], $post_content, 2); if (!empty($matches[1]) && !empty($more_link_text)) { $more_link_text = strip_tags(wp_kses_no_null(trim($matches[1]))); } $has_teaser = true; } else { $post_content = array($post_content); } $teaser = $post_content[0]; $output .= $teaser; $output = force_balance_tags($output); echo $output; ?> </p> <footer> <span class="date">(<?php echo date("Y/m/d", strtotime($item->post_date)); ?>
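/**
 * Apply <!--more--> handling to a post's content, based on get_the_content()
 * in wp-includes/post-template.php.
 *
 * Splits the (password-checked) post content at the more tag, appends a
 * "more" link when the full text is not shown, and derives post_excerpt
 * when the post has none.
 *
 * @param array $data Post data with keys post_object, post_content, post_id,
 *                    post_permalink and post_excerpt.
 * @return array The same array with post_content and post_excerpt updated.
 */
function bib_process_moretag($data)
{
    global $blog_in_blog_opts;
    global $more, $multipage, $page;

    $more = 0;
    $output = '';
    $hasTeaser = false;
    $stripteaser = 0; // was only assigned in the noteaser branch, so it was undefined otherwise
    $more_link_text = $blog_in_blog_opts['bib_more_link_text'];

    $data['post_content'] = bib_check_password_protected($data['post_object'], 'post_content');

    if (preg_match('/<!--more(.*?)?-->/', $data['post_content'], $matches)) {
        $content = explode($matches[0], $data['post_content'], 2);
        if (!empty($matches[1]) && !empty($more_link_text)) {
            $more_link_text = strip_tags(wp_kses_no_null(trim($matches[1])));
        }
        $hasTeaser = true;
        bib_write_debug(__FUNCTION__, "FOUND a 'more' tag.");
    } else {
        $content = array($data['post_content']);
        bib_write_debug(__FUNCTION__, "NO more tag.");
    }

    if (false !== strpos($data['post_content'], '<!--noteaser-->') && (!$multipage || $page == 1)) {
        $stripteaser = 1;
        bib_write_debug(__FUNCTION__, "stripteaser = 1");
    }

    $teaser = $content[0];
    if ($more && $stripteaser && $hasTeaser) {
        bib_write_debug(__FUNCTION__, "Not going to have any sort of teaser.");
        $teaser = '';
    }
    $output .= $teaser;

    if (count($content) > 1) {
        if ($more) {
            bib_write_debug(__FUNCTION__, "Content array is greater than 1 and more is true.");
            $output .= '<span id="more-' . $data['post_id'] . '"></span>' . $content[1];
        } else {
            bib_write_debug(__FUNCTION__, "Creating more link.");
            if (!empty($more_link_text)) {
                // The previous markup emitted a stray apostrophe after the
                // fragment (`#more-ID'"`), which broke the href attribute.
                $output .= apply_filters(
                    'the_content_more_link',
                    ' <a href="' . $data['post_permalink'] . "#more-{$data['post_id']}\" class=\"more-link\">{$more_link_text}</a>",
                    $more_link_text
                );
            }
            $output = force_balance_tags($output);
        }
    }

    $data['post_content'] = $output;

    if ($data['post_excerpt'] == '') {
        // The link text is arbitrary option/post text, so it is searched for
        // literally rather than interpolated into a regular expression.
        $link_text = (string) $more_link_text;
        if ('' === $link_text || false !== strpos($output, $link_text)) {
            $data['post_excerpt'] = $output;
        } else {
            $data['post_excerpt'] = get_the_excerpt();
        }
    } else {
        $data['post_excerpt'] = apply_filters('excerpt_more', '', $data['post_excerpt']);
    }

    return $data;
}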
/**
 * Append the resolved/unresolved post count to the page title.
 *
 * @param string $page_title Current title.
 * @return string Title, extended with the resolution-state label and post count
 *                when the 'resolved' query var is present.
 */
function page_title($page_title)
{
    global $wp_query;

    $state = get_query_var('resolved');
    if (empty($state)) {
        return $page_title;
    }

    // The query var is request input: strip null bytes and tags before use.
    $state = strip_tags(wp_kses_no_null(trim($state)));
    $prefix = is_tag() ? $page_title . " | " : '';
    $count = $wp_query->found_posts;

    if ('unresolved' === $state) {
        $label = sprintf(_x('Posts Marked To Do (%d)', 'resolved/unresolved posts', 'o2'), $count);
    } elseif ('resolved' === $state) {
        $label = sprintf(_x('Posts Marked Done (%d)', 'resolved/unresolved posts', 'o2'), $count);
    } else {
        $label = sprintf(_x('%s Posts (%d)', 'resolved/unresolved posts', 'o2'), $state, $count);
    }

    return $prefix . $label;
}
/**
 * Sanitizes a URL for use in a redirect.
 *
 * Characters outside the allowed URL set and null bytes are dropped, then
 * percent-encoded CR/LF are removed repeatedly.
 *
 * @since 2.3.0
 *
 * @param string $location URL to sanitize.
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    // Keep only characters that can legitimately appear in a URL.
    $clean = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!*\\[\\]()]|i', '', $location);
    $clean = wp_kses_no_null($clean);

    // Remove %0d and %0a (either case) from location, repeatedly.
    return _deep_replace(array('%0d', '%0a', '%0D', '%0A'), $clean);
}
/**
 * Override this method to implement the appropriate sanitization specific to the field type before the value is saved.
 *
 * This base method provides a generic sanitization similar to wp_kses but values are not encoded.
 * Scripts are stripped out leaving tags allowed by the gform_allowable_tags filter.
 *
 * @param string $value   The field value to be processed.
 * @param int    $form_id The ID of the form currently being processed.
 *
 * @return string
 */
public function sanitize_entry_value($value, $form_id)
{
    // Array values are not supported by the generic sanitizer.
    if (is_array($value)) {
        return '';
    }

    /**
     * Provisional filter - may be subject to change or removal.
     *
     * @param bool     $sanitize Whether to sanitize the value.
     * @param int      $form_id  The current form ID.
     * @param GF_Field $this     The current field.
     */
    $sanitize = apply_filters('gform_sanitize_entry_value', true, $form_id, $this);
    if (!$sanitize) {
        return $value;
    }

    // Field types may allow HTML; the gform_allowable_tags filter has the last word.
    $allowable_tags = gf_apply_filters(
        array('gform_allowable_tags', $form_id),
        $this->allow_html(),
        $this,
        $form_id
    );
    if (true !== $allowable_tags) {
        $value = strip_tags($value, $allowable_tags);
    }

    // Run the kses pipeline without entity encoding.
    $protocols = wp_allowed_protocols();
    $clean = wp_kses_no_null($value, array('slash_zero' => 'keep'));
    $clean = wp_kses_hook($clean, 'post', $protocols);

    return wp_kses_split($clean, 'post', $protocols);
}
/**
 * Normalise a user-supplied link.
 *
 * @param string $link Raw link text.
 * @return string Escaped URL, or an empty string when the text has no dot
 *                (such values are usually random words rather than links).
 */
function bb_fix_link($link)
{
    $looks_like_link = false !== strpos($link, '.');
    if (!$looks_like_link) {
        return '';
    }

    return esc_url(wp_kses_no_null($link));
}
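/**
 * Filter the content of the panel, adding all the widgets.
 *
 * On archive pages the rendered panel content is cut at the <!--more--> tag
 * and a "more" link is appended.
 *
 * @param string $content Post content from the_content.
 * @return string Rendered panels content, or the original content when the
 *                post has no panels_data or the filter is disabled.
 *
 * @filter the_content
 */
function siteorigin_panels_filter_content($content)
{
    global $post;

    if (empty($post)) {
        return $content;
    }
    if (!apply_filters('siteorigin_panels_filter_content_enabled', true)) {
        return $content;
    }

    // Check if this post has panels_data.
    $panels_data = get_post_meta($post->ID, 'panels_data', true);
    if (empty($panels_data)) {
        return $content;
    }

    $panel_content = siteorigin_panels_render($post->ID);
    if (empty($panel_content)) {
        return $content;
    }
    $content = $panel_content;

    if (is_singular()) {
        return $content;
    }

    // This is an archive page, so try strip out anything after the more text.
    if (preg_match('/<!--more(.*?)?-->/', $content, $matches)) {
        $parts = explode($matches[0], $content, 2);
        $content = force_balance_tags($parts[0]);

        // A label inside the more tag overrides the default. The previous check
        // tested an undefined $more_link_text here, so the label was never used.
        $more_link_text = !empty($matches[1]) ? strip_tags(wp_kses_no_null(trim($matches[1]))) : '';
        if ('' === $more_link_text) {
            $more_link_text = __('Read More', 'siteorigin-panels');
        }

        $more_link = apply_filters('the_content_more_link', ' <a href="' . get_permalink() . "#more-{$post->ID}\" class=\"more-link\">{$more_link_text}</a>", $more_link_text);
        $content .= '<p>' . $more_link . '</p>';
    }

    return $content;
}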
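/**
 * Split content at the <!--more--> tag, mirroring WordPress's get_the_content().
 *
 * @param string       $c Content to split.
 * @param string|false $m "More" link text; false selects the default "(more...)".
 * @param int|bool     $s Non-zero to drop the teaser when the full text is shown.
 * @return string Teaser plus link, or the full content with a "more" anchor.
 */
function the_content($c, $m = false, $s = 0)
{
    // $id and $preview are read below; without the global declaration the
    // anchor id and the preview fix never received a value.
    global $more, $id, $preview;

    if (!$m) {
        $m = __('(more...)');
    }

    $o = '';
    $h = false;

    if (preg_match('/<!--more(.*?)?-->/', $c, $r)) {
        $c = explode($r[0], $c, 2);
        if (!empty($r[1]) && !empty($m)) {
            $m = strip_tags(wp_kses_no_null(trim($r[1])));
        }
        $h = true;
    } else {
        $c = array($c);
    }

    // The teaser is dropped only when the full text is shown and a more tag
    // exists; the previous code appended an undefined $teaser on the other branch.
    $teaser = ($more && $s && $h) ? '' : $c[0];
    $o .= $teaser;

    if (count($c) > 1) {
        if ($more) {
            $o .= '<span id="more-' . $id . '"></span>' . $c[1];
        } else {
            if (!empty($m)) {
                $o .= apply_filters('the_content_more_link', ' <a href="' . get_permalink() . "#more-{$id}\" class=\"more-link\">{$m}</a>", $m);
            }
            $o = force_balance_tags($o);
        }
    }

    if ($preview) {
        // A closure replaces create_function(), which was removed in PHP 8.0.
        $o = preg_replace_callback(
            '/\\%u([0-9A-F]{4})/',
            function ($r) {
                return "&#" . base_convert($r[1], 16, 10) . ";";
            },
            $o
        );
    }

    return $o;
}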
/**
 * sanitizes a URL for use in a redirect
 *
 * Unexpected characters and null bytes are dropped, then percent-encoded
 * CR/LF are removed until none remain, so a removal cannot expose a new one.
 *
 * @param string $location URL to sanitize.
 * @return string redirect-sanitized URL
 **/
function wp_sanitize_redirect($location)
{
    $location = wp_kses_no_null(preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location));

    // remove %0d and %0a from location
    $needles = array('%0d', '%0a');
    do {
        $changed = false;
        foreach ($needles as $needle) {
            while (false !== strpos($location, $needle)) {
                $changed = true;
                $location = str_replace($needle, '', $location);
            }
        }
    } while ($changed);

    return $location;
}
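/**
 * Filter an inline style attribute down to allowed CSS properties.
 *
 * @param string $css        Contents of a style attribute.
 * @param string $deprecated Unused; kept for backward compatibility.
 * @return string The allowed declarations, joined with ';'.
 */
function safecss_filter_attr($css, $deprecated = '')
{
    $css = wp_kses_no_null($css);
    $css = str_replace(array("\n", "\r", "\t"), '', $css);

    // explode() replaces split(), which was removed in PHP 7.0.
    $declarations = explode(';', trim($css));

    $allowed_attr = apply_filters('safe_style_css', array('text-align', 'margin', 'color', 'float', 'text-direction', 'font', 'font-family', 'font-size', 'font-style', 'font-variant', 'font-weight', 'height', 'margin-bottom', 'margin-left', 'margin-right', 'margin-top', 'padding', 'padding-bottom', 'padding-left', 'padding-right', 'padding-top', 'width', 'border', 'vertical-align', 'text-decoration'));

    $kept = array();
    foreach ($declarations as $declaration) {
        // Trim first so that whitespace-only items are skipped instead of
        // producing empty ";;" segments in the output.
        $declaration = trim($declaration);
        if ('' === $declaration) {
            continue;
        }

        $colon = strpos($declaration, ':');
        // Items without a colon pass through (as before); property names are
        // matched strictly against the allow-list.
        if (false === $colon || in_array(substr($declaration, 0, $colon), $allowed_attr, true)) {
            $kept[] = $declaration;
        }
    }

    return implode(';', $kept);
}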
$newcontent = stripslashes($_POST['newcontent']); $theme = urlencode($theme); if (is_writeable($file)) { //is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable $f = fopen($file, 'w+'); if ($f !== FALSE) { fwrite($f, $newcontent); fclose($f); $location = "theme-editor.php?file={$file}&theme={$theme}&a=te&scrollto={$scrollto}"; } else { $location = "theme-editor.php?file={$file}&theme={$theme}&scrollto={$scrollto}"; } } else { $location = "theme-editor.php?file={$file}&theme={$theme}&scrollto={$scrollto}"; } $location = wp_kses_no_null($location); $strip = array('%0d', '%0a', '%0D', '%0A'); $location = _deep_replace($strip, $location); header("Location: {$location}"); exit; break; default: require_once 'admin-header.php'; update_recently_edited($file); if (!is_file($file)) { $error = 1; } if (!$error && filesize($file) > 0) { $f = fopen($file, 'r'); $content = fread($f, filesize($file)); if ('.php' == substr($file, strrpos($file, '.'))) {
/**
 * Strip scripts and some HTML tags.
 *
 * @param string $value   The field value to be processed.
 * @param int    $form_id The ID of the form currently being processed.
 *
 * @return string
 */
public function sanitize_entry_value($value, $form_id)
{
    // Array values are not supported by this sanitizer.
    if (is_array($value)) {
        return '';
    }

    $allowable_tags = $this->get_allowable_tags($form_id);
    if (true !== $allowable_tags) {
        $value = strip_tags($value, $allowable_tags);
    }

    // Run the kses pipeline without entity encoding.
    $protocols = wp_allowed_protocols();
    $clean = wp_kses_no_null($value, array('slash_zero' => 'keep'));
    $clean = wp_kses_hook($clean, 'post', $protocols);

    return wp_kses_split($clean, 'post', $protocols);
}
/**
 * Inline CSS filter
 *
 * Rejects style text containing characters or comment markers that could
 * smuggle additional syntax, then keeps only declarations whose property
 * name is on the (filterable) allow-list.
 *
 * @since 2.8.1
 *
 * @param string $css        Contents of a style attribute.
 * @param string $deprecated Unused; triggers a deprecation notice when non-empty.
 * @return string The surviving declarations joined with ';', or '' when rejected.
 */
function safecss_filter_attr($css, $deprecated = '')
{
    if (!empty($deprecated)) {
        _deprecated_argument(__FUNCTION__, '2.8.1'); // Never implemented
    }

    $css = wp_kses_no_null($css);
    $css = str_replace(array("\n", "\r", "\t"), '', $css);

    // Any inline css containing \ ( & } = or a comment opener is dropped entirely.
    if (preg_match('%[\\\\(&=}]|/\\*%', $css)) {
        return '';
    }

    $declarations = explode(';', trim($css));

    /**
     * Filter list of allowed CSS attributes.
     *
     * @since 2.8.1
     *
     * @param array $attr List of allowed CSS attributes.
     */
    $allowed_attr = apply_filters('safe_style_css', array('text-align', 'margin', 'color', 'float', 'border', 'background', 'background-color', 'border-bottom', 'border-bottom-color', 'border-bottom-style', 'border-bottom-width', 'border-collapse', 'border-color', 'border-left', 'border-left-color', 'border-left-style', 'border-left-width', 'border-right', 'border-right-color', 'border-right-style', 'border-right-width', 'border-spacing', 'border-style', 'border-top', 'border-top-color', 'border-top-style', 'border-top-width', 'border-width', 'caption-side', 'clear', 'cursor', 'direction', 'font', 'font-family', 'font-size', 'font-style', 'font-variant', 'font-weight', 'height', 'min-height', 'max-height', 'letter-spacing', 'line-height', 'margin-bottom', 'margin-left', 'margin-right', 'margin-top', 'overflow', 'padding', 'padding-bottom', 'padding-left', 'padding-right', 'padding-top', 'text-decoration', 'text-indent', 'vertical-align', 'width', 'min-width', 'max-width'));

    // An empty allow-list means "do not filter".
    if (empty($allowed_attr)) {
        return $css;
    }

    $result = '';
    foreach ($declarations as $declaration) {
        if ($declaration == '') {
            continue;
        }
        $declaration = trim($declaration);

        // Items without a colon pass through; otherwise the property name
        // (text before the first colon) must be allowed.
        $keep = strpos($declaration, ':') === false;
        if (!$keep) {
            $pieces = explode(':', $declaration);
            $keep = in_array(trim($pieces[0]), $allowed_attr);
        }

        if ($keep) {
            $result = ('' === $result) ? $declaration : $result . ';' . $declaration;
        }
    }

    return $result;
}
/**
 * Filters content and keeps only allowable HTML elements.
 *
 * This is the same function as built into WP, but with optional allowing of keeping "&"
 * (entity normalisation can be skipped with the last argument).
 *
 * @param string $string                  Content to filter through kses
 * @param array  $allowed_html            List of allowed HTML elements
 * @param array  $allowed_protocols       Optional. Allowed protocol in links; empty selects wp_allowed_protocols().
 * @param bool   $skip_normalize_entities Optional. True leaves entities (and bare "&") untouched.
 * @return string Filtered content with only allowed HTML elements
 */
function wp_kses($string, $allowed_html, $allowed_protocols = array(), $skip_normalize_entities = false)
{
    $protocols = empty($allowed_protocols) ? wp_allowed_protocols() : $allowed_protocols;

    $filtered = wp_kses_js_entities(wp_kses_no_null($string));
    if (!$skip_normalize_entities) {
        $filtered = wp_kses_normalize_entities($filtered);
    }

    // WP changed the order of these funcs and added args to wp_kses_hook.
    $filtered = wp_kses_hook($filtered, $allowed_html, $protocols);

    return wp_kses_split($filtered, $allowed_html, $protocols);
}
/**
 * Retrieve the post content.
 *
 * Splits the current page of content at the <!--more--> tag, returning either
 * the teaser followed by a "more" link, or the full content with an anchor
 * where the tag was.
 *
 * @since 0.71
 *
 * @global int   $page
 * @global int   $more
 * @global bool  $preview
 * @global array $pages
 * @global int   $multipage
 *
 * @param string $more_link_text Optional. Content for when there is more text.
 * @param bool   $strip_teaser   Optional. Strip teaser content before the more text. Default is false.
 * @return string
 */
function get_the_content($more_link_text = null, $strip_teaser = false)
{
    global $page, $more, $preview, $pages, $multipage;

    $post = get_post();

    if (null === $more_link_text) {
        $label = sprintf(__('Continue reading %s'), the_title_attribute(array('echo' => false)));
        $more_link_text = sprintf('<span aria-label="%1$s">%2$s</span>', $label, __('(more…)'));
    }

    // Password-protected post whose cookie does not match: show the form instead.
    if (post_password_required($post)) {
        return get_the_password_form($post);
    }

    // Clamp to the highest existing page ($page is global, so callers see this).
    if ($page > count($pages)) {
        $page = count($pages);
    }
    $current = $pages[$page - 1];

    $has_teaser = (bool) preg_match('/<!--more(.*?)?-->/', $current, $matches);
    if ($has_teaser) {
        $parts = explode($matches[0], $current, 2);
        if (!empty($matches[1]) && !empty($more_link_text)) {
            // A label inside the more tag overrides the default link text.
            $more_link_text = strip_tags(wp_kses_no_null(trim($matches[1])));
        }
    } else {
        $parts = array($current);
    }

    $has_noteaser = false !== strpos($post->post_content, '<!--noteaser-->');
    if ($has_noteaser && (!$multipage || $page == 1)) {
        $strip_teaser = true;
    }

    $output = '';
    if (!($more && $strip_teaser && $has_teaser)) {
        $output .= $parts[0];
    }

    if (count($parts) > 1) {
        if ($more) {
            $output .= '<span id="more-' . $post->ID . '"></span>' . $parts[1];
        } else {
            if (!empty($more_link_text)) {
                $link = sprintf(' <a href="%s#more-%s" class="more-link">%s</a>', get_permalink(), $post->ID, $more_link_text);
                // Filters the Read More link text (since 2.8.0): receives the
                // link element and the plain link text.
                $output .= apply_filters('the_content_more_link', $link, $more_link_text);
            }
            $output = force_balance_tags($output);
        }
    }

    if ($preview) {
        // Preview fix for JavaScript bug with foreign languages.
        $output = preg_replace_callback('/\\%u([0-9A-F]{4})/', '_convert_urlencoded_to_entities', $output);
    }

    return $output;
}
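/**
 * Sanitize the field choices property.
 *
 * @param array|null $choices The field choices property. When null, $this->choices
 *                            is sanitized in place.
 *
 * @return array|null The sanitized choices, or the input unchanged when it is not an array.
 */
public function sanitize_settings_choices($choices = null)
{
    if (is_null($choices)) {
        $choices =& $this->choices;
    }
    if (!is_array($choices)) {
        return $choices;
    }

    foreach ($choices as &$choice) {
        if (isset($choice['isSelected'])) {
            $choice['isSelected'] = (bool) $choice['isSelected'];
        }
        // empty() already implies isset().
        if (!empty($choice['price'])) {
            $price_number = GFCommon::to_number($choice['price']);
            $choice['price'] = GFCommon::to_money($price_number);
        }
        if (isset($choice['text'])) {
            $choice['text'] = $this->maybe_wp_kses($choice['text']);
        }
        if (isset($choice['value'])) {
            // Strip scripts but don't encode.
            $allowed_protocols = wp_allowed_protocols();
            $value = wp_kses_no_null($choice['value'], array('slash_zero' => 'keep'));
            $value = wp_kses_hook($value, 'post', $allowed_protocols);
            $choice['value'] = wp_kses_split($value, 'post', $allowed_protocols);
        }
    }
    // Drop the by-reference loop variable so a later write to $choice cannot
    // silently alias the last element.
    unset($choice);

    return $choices;
}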