/**
 * Filters $string down to the allowed HTML elements, attributes and link protocols.
 *
 * The string is passed through wp_kses_no_null(), wp_kses_js_entities(),
 * wp_kses_normalize_entities() and wp_kses_hook(), in that order, and the
 * result is handed to wp_kses_split() together with the allow-list as
 * normalised by wp_kses_array_lc(). 'javascript' is deliberately absent from
 * the default protocol list; callers supplying their own list should keep it out.
 *
 * @param string $string            Untrusted markup.
 * @param array  $allowed_html      Allowed elements and attributes (normalised via wp_kses_array_lc()).
 * @param array  $allowed_protocols Optional. Protocols permitted in URL-bearing attributes.
 * @return string Filtered markup.
 */
function wp_kses($string, $allowed_html, $allowed_protocols = array('http', 'https', 'ftp', 'news', 'nntp', 'telnet', 'feed', 'gopher', 'mailto'))
{
    // Pre-processing chain, innermost call first.
    $prepared = wp_kses_hook(
        wp_kses_normalize_entities(
            wp_kses_js_entities(
                wp_kses_no_null($string)
            )
        )
    );

    return wp_kses_split($prepared, wp_kses_array_lc($allowed_html), $allowed_protocols);
}
/**
 * Filters content and keeps only allowable HTML elements.
 *
 * This function makes sure that only the allowed HTML element names, attribute
 * names and attribute values plus only sane HTML entities will occur in
 * $string. You have to remove any slashes from PHP's magic quotes before you
 * call this function.
 *
 * The default allowed protocols are 'http', 'https', 'ftp', 'ftps', 'mailto',
 * 'news', 'irc', 'gopher', 'nntp', 'feed' and 'telnet'. This covers all common
 * link protocols, except for 'javascript' which should not be allowed for
 * untrusted users.
 *
 * The allow-list is normalised with wp_kses_array_lc() before it reaches
 * wp_kses_hook() and wp_kses_split(), so both see the same element table.
 *
 * @since 1.0.0
 *
 * @param string $string Content to filter through kses
 * @param array $allowed_html List of allowed HTML elements
 * @param array $allowed_protocols Optional. Allowed protocol in links.
 * @return string Filtered content with only allowed HTML elements
 */
function wp_kses($string, $allowed_html, $allowed_protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet'))
{
    // Pre-processing, innermost call first: NUL removal, JS entities, entity normalisation.
    $normalized = wp_kses_normalize_entities(wp_kses_js_entities(wp_kses_no_null($string)));

    $elements = wp_kses_array_lc($allowed_html);

    // WordPress runs the hook after the allow-list is normalised and passes
    // the list and the protocols through to it.
    $hooked = wp_kses_hook($normalized, $elements, $allowed_protocols);

    return wp_kses_split($hooked, $elements, $allowed_protocols);
}
/**
 * Filters content and keeps only allowable HTML elements.
 *
 * This function makes sure that only the allowed HTML element names, attribute
 * names and attribute values plus only sane HTML entities will occur in
 * $string. You have to remove any slashes from PHP's magic quotes before you
 * call this function.
 *
 * The default protocol list lives in the global $allowedprotocols (documented
 * upstream as 'http', 'https', 'ftp', 'mailto', 'news', 'irc', 'gopher',
 * 'nntp', 'feed', 'telnet', 'mms', 'rtsp' and 'svn'). This covers all common
 * link protocols, except for 'javascript' which should not be allowed for
 * untrusted users.
 *
 * NOTE(review): unlike the upstream variant this one neither calls
 * wp_kses_hook() nor lower-cases $allowed_html, so the allow-list keys must
 * already be in the case wp_kses_split() compares against — confirm.
 *
 * @since 1.0.0
 *
 * @param string $string Content to filter through kses
 * @param array $allowed_html List of allowed HTML elements
 * @param array $allowed_protocols Optional. Allowed protocol in links; an empty
 *                                 list selects the global $allowedprotocols.
 * @return string Filtered content with only allowed HTML elements
 */
function wp_kses($string, $allowed_html, $allowed_protocols = array())
{
    global $allowedprotocols;

    // Truthiness test, as in the original empty() check: a caller cannot
    // deliberately pass "no protocols at all" — an empty list means the global.
    if (!$allowed_protocols) {
        $allowed_protocols = $allowedprotocols;
    }

    $normalized = wp_kses_normalize_entities(wp_kses_js_entities(wp_kses_no_null($string)));

    return wp_kses_split($normalized, $allowed_html, $allowed_protocols);
}
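/**
 * Sanitizes Custom CSS
 *
 * Removes HTML markup from a CSS string: "<=" is escaped first (presumably so
 * kses does not read the "<" as a tag opener), wp_kses_split() with empty
 * allow-lists drops every tag, the "&gt;" kses emits for a lone ">" is
 * restored, and strip_tags() then removes any tag the restored ">" could
 * re-form. Only HTML is removed here; CSS property values are not validated.
 *
 * @param  string $input Entered value.
 * @return string Sanitized output; '' when the input is null or empty.
 *
 * @since  Create 2.1
 */
function create_sanitize_custom_css($input)
{
    // Strict emptiness test: the loose `$input != ''` it replaces relied on
    // PHP-version-specific type juggling for non-string input (e.g. 0).
    if ($input === null || $input === '') {
        return '';
    }
    $input = str_replace('<=', '&lt;=', $input);
    $input = wp_kses_split($input, array(), array());
    $input = str_replace('&gt;', '>', $input);
    return strip_tags($input);
}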
 /**
  * Field Render Function.
  * Takes the vars and validates them: $this->value is stripped of HTML markup
  * in place and $this->warning is set when anything was removed.
  *
  * Only HTML is removed; CSS property values are not validated here.
  *
  * @since ReduxFramework 3.0.0
  */
 function validate()
 {
     $original = $this->value;

     // Escape "<=" first (presumably so kses does not read it as a tag opener),
     // strip every tag with empty allow-lists, then restore the "&gt;" that
     // kses substitutes for a lone ">".
     $filtered = str_replace('<=', '&lt;=', $original);
     $filtered = wp_kses_split($filtered, array(), array());
     $filtered = str_replace('&gt;', '>', $filtered);
     // The restored ">" may have re-formed a tag, so strip_tags() runs last.
     $filtered = strip_tags($filtered);

     if ($filtered != $original) {
         $this->warning = __('Unsafe strings were found in your CSS and have been filtered out.', 'redux-framework');
     }
     $this->value = $filtered;
 }
/**
 * Filters $string so that only the allowed HTML element names, attribute names
 * and attribute values plus only sane HTML entities remain.
 *
 * You have to remove any slashes from PHP's magic quotes before you call this
 * function. The input is run through wp_kses_no_null(), wp_kses_js_entities(),
 * wp_kses_normalize_entities() and wp_kses_hook(), then wp_kses_split() applies
 * the allow-list (normalised with wp_kses_array_lc()) and the protocol list.
 * 'javascript' is intentionally not among the default protocols.
 *
 * @param string $string            Untrusted markup.
 * @param array  $allowed_html      Allowed elements and attributes.
 * @param array  $allowed_protocols Optional. Protocols permitted in link attributes.
 * @return string Filtered markup.
 */
function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'https', 'ftp', 'news', 'nntp', 'telnet', 'feed', 'gopher', 'mailto'))
{
	$prepared = wp_kses_hook(
		wp_kses_normalize_entities(
			wp_kses_js_entities(
				wp_kses_no_null($string)
			)
		)
	);

	return wp_kses_split($prepared, wp_kses_array_lc($allowed_html), $allowed_protocols);
}
 /**
  * Returns a cleaned, re-serialised form of $css.
  *
  * HTML tags are removed with wp_kses_split() (empty allow-lists); the result
  * is then parsed by csstidy with discard_invalid_properties enabled and
  * printed back out. Four-digit hex escapes ("\XXXX") have their backslash
  * doubled before kses — presumably so the escape survives the filter chain;
  * confirm against csstidy's handling of remove_bslash.
  *
  * Note: 'class.csstidy.php' is loaded by a relative path, i.e. via include_path.
  *
  * @param string $css Untrusted stylesheet text.
  * @return string Sanitised CSS as printed by csstidy.
  */
 public static function sanitize_css($css)
 {
     if (!class_exists('csstidy')) {
         require_once 'class.csstidy.php';
     }

     $tidy = new csstidy();
     // Keep colours, font weights, selectors and trailing ";" as written;
     // only properties csstidy considers invalid are discarded.
     $config = array(
         'remove_bslash' => FALSE,
         'compress_colors' => FALSE,
         'compress_font-weight' => FALSE,
         'discard_invalid_properties' => TRUE,
         'merge_selectors' => FALSE,
         'remove_last_;' => FALSE,
         'css_level' => 'CSS3.0',
     );
     foreach ($config as $option => $setting) {
         $tidy->set_cfg($option, $setting);
     }

     $stripped = preg_replace('/\\\\([0-9a-fA-F]{4})/', '\\\\\\\\$1', $css);
     $stripped = wp_kses_split($stripped, array(), array());

     $tidy->parse($stripped);

     return $tidy->print->plain();
 }
 /**
  * Sanitises user-supplied CSS and returns it re-formatted.
  *
  * The HTML-stripping steps are copied from SafeCSS by Automattic: four-digit
  * hex escapes get their backslash doubled, "<=" is escaped so kses (which is
  * greedy about "<") leaves it alone, wp_kses_split() with empty allow-lists
  * drops every tag, the "&gt;" kses substitutes for a lone ">" is restored,
  * and strip_tags() then removes anything the restored ">" could re-form.
  * The result is parsed by csstidy (safecss optimiser, invalid properties
  * discarded) and handed to pixopoint_pretty_css().
  *
  * @param string $css Raw CSS from the user; stripslashes() is applied here.
  * @return string Cleaned, formatted CSS.
  */
 function pixopoint_validate_css($css)
 {
     require_once 'csstidy.php';

     $tidy = new csstidy();
     $tidy->optimise = new safecss($tidy);
     $config = array(
         'remove_bslash' => false,
         'compress_colors' => false,
         'compress_font-weight' => false,
         'discard_invalid_properties' => true,
         'merge_selectors' => false,
         'preserve_css' => true, // per the original note: keeps code comments in the output
     );
     foreach ($config as $option => $setting) {
         $tidy->set_cfg($option, $setting);
     }

     // HTML removal pass (see docblock for the order and why each step exists).
     $stripped = stripslashes($css);
     $stripped = preg_replace('/\\\\([0-9a-fA-F]{4})/', '\\\\\\\\$1', $stripped);
     $stripped = str_replace('<=', '&lt;=', $stripped);
     $stripped = wp_kses_split($stripped, array(), array());
     $stripped = str_replace('&gt;', '>', $stripped);
     $stripped = strip_tags($stripped);

     // CSS validation pass.
     $tidy->parse($stripped);

     return pixopoint_pretty_css($tidy->print->plain());
 }
/**
 * Sanitises the theme's custom CSS option.
 *
 * csstidy cannot be bundled with the theme (the WordPress Theme Directory's
 * automatic code check rejects it), so the cleaner only runs when a safecss
 * class has been made available: Jetpack's Custom CSS module ('safecss') or
 * a copy of csstidy's folder in the theme's functions folder exposing
 * 'firmasite_safecss'. firmasite_safecss_class() is called first to load the
 * latter when present.
 *
 * NOTE(review): this is fail-open — when neither class exists the CSS is
 * returned exactly as submitted, with no HTML stripping at all.
 *
 * @param string $css Submitted CSS; stripslashes() is applied before cleaning.
 * @return string Cleaned CSS, or the unmodified input when no cleaner is available.
 */
function firmasite_sanitize_customcss($css)
{
    firmasite_safecss_class();

    if (!class_exists('safecss') && !class_exists('firmasite_safecss')) {
        return $css;
    }

    $tidy = new csstidy();
    // Prefer the theme-local optimiser when it exists.
    $tidy->optimise = class_exists('firmasite_safecss') ? new firmasite_safecss($tidy) : new safecss($tidy);
    $config = array(
        'remove_bslash' => false,
        'compress_colors' => false,
        'compress_font-weight' => false,
        'optimise_shorthands' => 0,
        'remove_last_;' => false,
        'case_properties' => false,
        'discard_invalid_properties' => true,
        'css_level' => 'CSS3.0',
        'preserve_css' => true,
        'template' => dirname(__FILE__) . '/csstidy/wordpress-standard.tpl',
    );
    foreach ($config as $option => $setting) {
        $tidy->set_cfg($option, $setting);
    }

    // HTML removal: escape "<=" (kses is greedy about "<"), strip all tags,
    // restore the "&gt;" kses emits for a lone ">", then strip_tags() because
    // that restoration may have re-formed a tag.
    $stripped = stripslashes($css);
    $stripped = str_replace('<=', '&lt;=', $stripped);
    $stripped = wp_kses_split($stripped, array(), array());
    $stripped = str_replace('&gt;', '>', $stripped);
    $stripped = strip_tags($stripped);

    $tidy->parse($stripped);

    return $tidy->print->plain();
}
 /**
  * Field Render Function.
  * Takes the vars and validates them: $this->value is cleaned of HTML markup
  * and re-serialised through csstidy; $this->warning carries a message when
  * the escape-doubling or the HTML-stripping pass changed the input.
  *
  * @since ReduxFramework 3.0.0
  */
 function validate()
 {
     require_once dirname(__FILE__) . '/csstidy/class.csstidy.php';

     $tidy = new csstidy();
     $config = array(
         'remove_bslash' => false,
         'compress_colors' => false,
         'compress_font-weight' => false,
         'optimise_shorthands' => 0,
         'remove_last_;' => false,
         'case_properties' => false,
         'discard_invalid_properties' => true,
         'css_level' => 'CSS3.0',
         'preserve_css' => true,
         'template' => dirname(__FILE__) . '/csstidy/wordpress-standard.tpl',
     );
     foreach ($config as $option => $setting) {
         $tidy->set_cfg($option, $setting);
     }

     $css = $this->value;

     // Double the backslash of four-digit hex escapes; flag it if that changed anything.
     $escaped = preg_replace('/\\\\([0-9a-fA-F]{4})/', '\\\\\\\\$1', $css);
     if ($escaped != $css) {
         $this->warning = true;
     }

     // Escape "<=" (kses is greedy about "<"), strip all tags, restore the
     // "&gt;" kses emits for a lone ">", then strip_tags() because the
     // restored ">" may have re-formed a tag. The comparison baseline is the
     // "<="-escaped string, so only removals are flagged.
     $guarded = str_replace('<=', '&lt;=', $escaped);
     $css = wp_kses_split($guarded, array(), array());
     $css = str_replace('&gt;', '>', $css);
     $css = strip_tags($css);
     if ($css != $guarded) {
         $this->warning = true;
     }

     $tidy->parse($css);
     $this->value = $tidy->print->plain();

     if (isset($this->warning) && $this->warning) {
         $this->warning = __('Unsafe strings were found in your CSS and have been filtered out.', 'redux-framework');
     }
 }
/**
 * sanitize css input
 *
 * Removes HTML markup only: "<=" is escaped so kses leaves it alone, every
 * tag is stripped via wp_kses_split() with empty allow-lists, the "&gt;" kses
 * emits for a lone ">" is restored, and strip_tags() removes anything the
 * restored ">" could re-form. CSS property values are not validated.
 *
 * @since 0.9.5
 * @access private
 *
 * @param string $css Submitted CSS.
 * @return string The cleaned CSS; an empty input is returned as-is.
 */
function custom_css_sanitize($css)
{
    // Loose comparison kept from the original (an empty input short-circuits).
    if ('' == $css) {
        return $css;
    }

    $css = str_replace('<=', '&lt;=', $css);
    $css = wp_kses_split($css, array(), array());
    $css = str_replace('&gt;', '>', $css);

    return strip_tags($css);
}
 /**
  * Persists the plugin's settings form.
  *
  * Reads every option from $_POST (after unslashing it in place), sanitises
  * each value according to its type — checkboxes become '1'/'0', URLs go
  * through esc_url_raw(), rich-text messages through wp_kses_post() or
  * wp_kses_data(), plain text through sanitize_text_field(), custom CSS
  * through kses plus csstidy — and saves the result with rpr_update_options()
  * and update_option().
  *
  * NOTE(review): no nonce or capability check is visible in this method; it
  * presumably relies on the caller (the admin menu hook) to enforce both — confirm.
  */
 public function update_settings()
 {
     global $register_plus_redux;
     $options = array();
     $redux_usermeta = array();
     // Unslashes the superglobal in place; every later read sees the modified $_POST.
     $_POST = stripslashes_deep((array) $_POST);
     if (isset($_POST['custom_logo_url']) && !isset($_POST['remove_logo'])) {
         $options['custom_logo_url'] = esc_url_raw((string) $_POST['custom_logo_url']);
     }
     $options['verify_user_email'] = isset($_POST['verify_user_email']) ? '1' : '0';
     $options['message_verify_user_email'] = isset($_POST['message_verify_user_email']) ? wp_kses_post((string) $_POST['message_verify_user_email']) : '';
     $options['verify_user_admin'] = isset($_POST['verify_user_admin']) ? '1' : '0';
     $options['message_verify_user_admin'] = isset($_POST['message_verify_user_admin']) ? wp_kses_post((string) $_POST['message_verify_user_admin']) : '';
     // Note the mixed types: absint() yields an int, the fallback is the string '0'.
     $options['delete_unverified_users_after'] = isset($_POST['delete_unverified_users_after']) ? absint((string) $_POST['delete_unverified_users_after']) : '0';
     $options['registration_redirect_url'] = isset($_POST['registration_redirect_url']) ? esc_url_raw((string) $_POST['registration_redirect_url']) : '';
     $options['verification_redirect_url'] = isset($_POST['verification_redirect_url']) ? esc_url_raw((string) $_POST['verification_redirect_url']) : '';
     $options['autologin_user'] = isset($_POST['autologin_user']) ? '1' : '0';
     $options['username_is_email'] = isset($_POST['username_is_email']) ? '1' : '0';
     $options['double_check_email'] = isset($_POST['double_check_email']) ? '1' : '0';
     // These two arrays are stored as submitted: no per-element sanitisation.
     if (isset($_POST['show_fields']) && is_array($_POST['show_fields'])) {
         $options['show_fields'] = (array) $_POST['show_fields'];
     }
     if (isset($_POST['required_fields']) && is_array($_POST['required_fields'])) {
         $options['required_fields'] = (array) $_POST['required_fields'];
     }
     $options['user_set_password'] = isset($_POST['user_set_password']) ? '1' : '0';
     $options['min_password_length'] = isset($_POST['min_password_length']) ? absint($_POST['min_password_length']) : 0;
     $options['disable_password_confirmation'] = isset($_POST['disable_password_confirmation']) ? '1' : '0';
     $options['show_password_meter'] = isset($_POST['show_password_meter']) ? '1' : '0';
     $options['message_empty_password'] = isset($_POST['message_empty_password']) ? wp_kses_data((string) $_POST['message_empty_password']) : '';
     $options['message_short_password'] = isset($_POST['message_short_password']) ? wp_kses_data((string) $_POST['message_short_password']) : '';
     $options['message_bad_password'] = isset($_POST['message_bad_password']) ? wp_kses_data((string) $_POST['message_bad_password']) : '';
     $options['message_good_password'] = isset($_POST['message_good_password']) ? wp_kses_data((string) $_POST['message_good_password']) : '';
     $options['message_strong_password'] = isset($_POST['message_strong_password']) ? wp_kses_data((string) $_POST['message_strong_password']) : '';
     $options['message_mismatch_password'] = isset($_POST['message_mismatch_password']) ? wp_kses_data((string) $_POST['message_mismatch_password']) : '';
     $options['enable_invitation_code'] = isset($_POST['enable_invitation_code']) ? '1' : '0';
     // Kept raw (no sanitisation) until the update_option() call at the end.
     if (isset($_POST['invitation_code_bank']) && is_array($_POST['invitation_code_bank'])) {
         $invitation_code_bank = (array) $_POST['invitation_code_bank'];
     }
     $options['require_invitation_code'] = isset($_POST['require_invitation_code']) ? '1' : '0';
     $options['invitation_code_case_sensitive'] = isset($_POST['invitation_code_case_sensitive']) ? '1' : '0';
     $options['invitation_code_unique'] = isset($_POST['invitation_code_unique']) ? '1' : '0';
     $options['enable_invitation_tracking_widget'] = isset($_POST['enable_invitation_tracking_widget']) ? '1' : '0';
     $options['show_disclaimer'] = isset($_POST['show_disclaimer']) ? '1' : '0';
     $options['message_disclaimer_title'] = isset($_POST['message_disclaimer_title']) ? sanitize_text_field((string) $_POST['message_disclaimer_title']) : '';
     $options['message_disclaimer'] = isset($_POST['message_disclaimer']) ? wp_kses_post((string) $_POST['message_disclaimer']) : '';
     $options['require_disclaimer_agree'] = isset($_POST['require_disclaimer_agree']) ? '1' : '0';
     $options['message_disclaimer_agree'] = isset($_POST['message_disclaimer_agree']) ? sanitize_text_field((string) $_POST['message_disclaimer_agree']) : '';
     $options['show_license'] = isset($_POST['show_license']) ? '1' : '0';
     $options['message_license_title'] = isset($_POST['message_license_title']) ? sanitize_text_field((string) $_POST['message_license_title']) : '';
     $options['message_license'] = isset($_POST['message_license']) ? wp_kses_post((string) $_POST['message_license']) : '';
     $options['require_license_agree'] = isset($_POST['require_license_agree']) ? '1' : '0';
     $options['message_license_agree'] = isset($_POST['message_license_agree']) ? sanitize_text_field((string) $_POST['message_license_agree']) : '';
     $options['show_privacy_policy'] = isset($_POST['show_privacy_policy']) ? '1' : '0';
     $options['message_privacy_policy_title'] = isset($_POST['message_privacy_policy_title']) ? sanitize_text_field((string) $_POST['message_privacy_policy_title']) : '';
     $options['message_privacy_policy'] = isset($_POST['message_privacy_policy']) ? wp_kses_post((string) $_POST['message_privacy_policy']) : '';
     $options['require_privacy_policy_agree'] = isset($_POST['require_privacy_policy_agree']) ? '1' : '0';
     $options['message_privacy_policy_agree'] = isset($_POST['message_privacy_policy_agree']) ? sanitize_text_field((string) $_POST['message_privacy_policy_agree']) : '';
     $options['default_css'] = isset($_POST['default_css']) ? '1' : '0';
     $options['required_fields_style'] = '';
     if (isset($_POST['required_fields_style'])) {
         // Stolen from Jetpack 2.0.4 custom-css.php Jetpack_Custom_CSS::filter_attr()
         require_once 'csstidy/class.csstidy.php';
         $csstidy = new csstidy();
         $csstidy->set_cfg('remove_bslash', FALSE);
         $csstidy->set_cfg('compress_colors', FALSE);
         $csstidy->set_cfg('compress_font-weight', FALSE);
         $csstidy->set_cfg('discard_invalid_properties', TRUE);
         $csstidy->set_cfg('merge_selectors', FALSE);
         $csstidy->set_cfg('remove_last_;', FALSE);
         $csstidy->set_cfg('css_level', 'CSS3.0');
         // The field holds a declaration block, not a stylesheet: wrap it in a
         // dummy selector so csstidy can parse it, and extract the body again below.
         $required_fields_style = 'div {' . (string) $_POST['required_fields_style'] . '}';
         $required_fields_style = preg_replace('/\\\\([0-9a-fA-F]{4})/', '\\\\\\\\$1', $required_fields_style);
         $required_fields_style = wp_kses_split($required_fields_style, array(), array());
         $csstidy->parse($required_fields_style);
         $required_fields_style = $csstidy->print->plain();
         $required_fields_style = str_replace(array("\n", "\r", "\t"), '', $required_fields_style);
         preg_match("/^div\\s*{(.*)}\\s*\$/", $required_fields_style, $matches);
         // Anything csstidy would not print inside the wrapper is dropped ('' stays).
         if (!empty($matches[1])) {
             $options['required_fields_style'] = $matches[1];
         }
     }
     $options['required_fields_asterisk'] = isset($_POST['required_fields_asterisk']) ? '1' : '0';
     $options['starting_tabindex'] = isset($_POST['starting_tabindex']) ? absint($_POST['starting_tabindex']) : 0;
     /*
     if ( isset( $_POST['datepicker_firstdayofweek'] ) ) $options['datepicker_firstdayofweek'] = absint( $_POST['datepicker_firstdayofweek'] );
     if ( isset( $_POST['datepicker_dateformat'] ) ) $options['datepicker_dateformat'] = sanitize_text_field( (string) $_POST['datepicker_dateformat'] );
     if ( isset( $_POST['datepicker_startdate'] ) ) $options['datepicker_startdate'] = sanitize_text_field( (string) $_POST['datepicker_startdate'] );
     if ( isset( $_POST['datepicker_calyear'] ) ) $options['datepicker_calyear'] = sanitize_text_field( (string) $_POST['datepicker_calyear'] );
     if ( isset( $_POST['datepicker_calmonth'] ) ) $options['datepicker_calmonth'] = sanitize_text_field( (string) $_POST['datepicker_calmonth'] );
     */
     $options['disable_user_message_registered'] = isset($_POST['disable_user_message_registered']) ? '1' : '0';
     $options['disable_user_message_created'] = isset($_POST['disable_user_message_created']) ? '1' : '0';
     $options['custom_user_message'] = isset($_POST['custom_user_message']) ? '1' : '0';
     // "from" addresses are only text-sanitised here, not validated as e-mail addresses.
     $options['user_message_from_email'] = isset($_POST['user_message_from_email']) ? sanitize_text_field((string) $_POST['user_message_from_email']) : '';
     $options['user_message_from_name'] = isset($_POST['user_message_from_name']) ? sanitize_text_field((string) $_POST['user_message_from_name']) : '';
     $options['user_message_subject'] = isset($_POST['user_message_subject']) ? sanitize_text_field((string) $_POST['user_message_subject']) : '';
     $options['user_message_body'] = isset($_POST['user_message_body']) ? wp_kses_post((string) $_POST['user_message_body']) : '';
     $options['send_user_message_in_html'] = isset($_POST['send_user_message_in_html']) ? '1' : '0';
     $options['user_message_newline_as_br'] = isset($_POST['user_message_newline_as_br']) ? '1' : '0';
     $options['custom_verification_message'] = isset($_POST['custom_verification_message']) ? '1' : '0';
     $options['verification_message_from_email'] = isset($_POST['verification_message_from_email']) ? sanitize_text_field((string) $_POST['verification_message_from_email']) : '';
     $options['verification_message_from_name'] = isset($_POST['verification_message_from_name']) ? sanitize_text_field((string) $_POST['verification_message_from_name']) : '';
     $options['verification_message_subject'] = isset($_POST['verification_message_subject']) ? sanitize_text_field((string) $_POST['verification_message_subject']) : '';
     $options['verification_message_body'] = isset($_POST['verification_message_body']) ? wp_kses_post((string) $_POST['verification_message_body']) : '';
     $options['send_verification_message_in_html'] = isset($_POST['send_verification_message_in_html']) ? '1' : '0';
     $options['verification_message_newline_as_br'] = isset($_POST['verification_message_newline_as_br']) ? '1' : '0';
     $options['disable_admin_message_registered'] = isset($_POST['disable_admin_message_registered']) ? '1' : '0';
     $options['disable_admin_message_created'] = isset($_POST['disable_admin_message_created']) ? '1' : '0';
     $options['admin_message_when_verified'] = isset($_POST['admin_message_when_verified']) ? '1' : '0';
     $options['custom_admin_message'] = isset($_POST['custom_admin_message']) ? '1' : '0';
     $options['admin_message_from_email'] = isset($_POST['admin_message_from_email']) ? sanitize_text_field((string) $_POST['admin_message_from_email']) : '';
     $options['admin_message_from_name'] = isset($_POST['admin_message_from_name']) ? sanitize_text_field((string) $_POST['admin_message_from_name']) : '';
     $options['admin_message_subject'] = isset($_POST['admin_message_subject']) ? sanitize_text_field((string) $_POST['admin_message_subject']) : '';
     $options['admin_message_body'] = isset($_POST['admin_message_body']) ? wp_kses_post((string) $_POST['admin_message_body']) : '';
     $options['send_admin_message_in_html'] = isset($_POST['send_admin_message_in_html']) ? '1' : '0';
     $options['admin_message_newline_as_br'] = isset($_POST['admin_message_newline_as_br']) ? '1' : '0';
     $options['custom_registration_page_css'] = '';
     if (isset($_POST['custom_registration_page_css'])) {
         // Stolen from Jetpack 2.0.4 custom-css.php Jetpack_Custom_CSS::init()
         // Same pipeline as the login-page CSS below: HTML removal via kses +
         // strip_tags, then csstidy with discard_invalid_properties.
         require_once 'csstidy/class.csstidy.php';
         $csstidy = new csstidy();
         $csstidy->set_cfg('remove_bslash', FALSE);
         $csstidy->set_cfg('compress_colors', FALSE);
         $csstidy->set_cfg('compress_font-weight', FALSE);
         $csstidy->set_cfg('optimise_shorthands', 0);
         $csstidy->set_cfg('remove_last_;', FALSE);
         $csstidy->set_cfg('case_properties', FALSE);
         $csstidy->set_cfg('discard_invalid_properties', TRUE);
         $csstidy->set_cfg('css_level', 'CSS3.0');
         $csstidy->set_cfg('preserve_css', TRUE);
         $csstidy->set_cfg('template', dirname(__FILE__) . '/csstidy/wordpress-standard.tpl');
         $custom_registration_page_css = (string) $_POST['custom_registration_page_css'];
         $custom_registration_page_css = preg_replace('/\\\\([0-9a-fA-F]{4})/', '\\\\\\\\$1', $custom_registration_page_css);
         // Escape "<=" so kses leaves it alone, strip all tags, restore the "&gt;"
         // kses emits for a lone ">", then strip_tags() in case that re-formed a tag.
         $custom_registration_page_css = str_replace('<=', '&lt;=', $custom_registration_page_css);
         $custom_registration_page_css = wp_kses_split($custom_registration_page_css, array(), array());
         $custom_registration_page_css = str_replace('&gt;', '>', $custom_registration_page_css);
         $custom_registration_page_css = strip_tags($custom_registration_page_css);
         $csstidy->parse($custom_registration_page_css);
         $options['custom_registration_page_css'] = $csstidy->print->plain();
     }
     $options['custom_login_page_css'] = '';
     if (isset($_POST['custom_login_page_css'])) {
         // Stolen from Jetpack 2.0.4 custom-css.php Jetpack_Custom_CSS::init()
         require_once 'csstidy/class.csstidy.php';
         $csstidy = new csstidy();
         $csstidy->set_cfg('remove_bslash', FALSE);
         $csstidy->set_cfg('compress_colors', FALSE);
         $csstidy->set_cfg('compress_font-weight', FALSE);
         $csstidy->set_cfg('optimise_shorthands', 0);
         $csstidy->set_cfg('remove_last_;', FALSE);
         $csstidy->set_cfg('case_properties', FALSE);
         $csstidy->set_cfg('discard_invalid_properties', TRUE);
         $csstidy->set_cfg('css_level', 'CSS3.0');
         $csstidy->set_cfg('preserve_css', TRUE);
         $csstidy->set_cfg('template', dirname(__FILE__) . '/csstidy/wordpress-standard.tpl');
         $custom_login_page_css = (string) $_POST['custom_login_page_css'];
         $custom_login_page_css = preg_replace('/\\\\([0-9a-fA-F]{4})/', '\\\\\\\\$1', $custom_login_page_css);
         $custom_login_page_css = str_replace('<=', '&lt;=', $custom_login_page_css);
         $custom_login_page_css = wp_kses_split($custom_login_page_css, array(), array());
         $custom_login_page_css = str_replace('&gt;', '>', $custom_login_page_css);
         $custom_login_page_css = strip_tags($custom_login_page_css);
         $csstidy->parse($custom_login_page_css);
         $options['custom_login_page_css'] = $csstidy->print->plain();
     }
     // Existing custom user-meta fields: one entry per submitted label index.
     if (isset($_POST['label'])) {
         foreach ((array) $_POST['label'] as $index => $v) {
             $meta_field = array();
             // An empty label yields an empty array entry (it is still appended below).
             if (!empty($_POST['label'][$index])) {
                 $meta_field['label'] = isset($_POST['label'][$index]) ? sanitize_text_field((string) $_POST['label'][$index]) : '';
                 $meta_field['meta_key'] = isset($_POST['meta_key'][$index]) ? sanitize_text_field((string) $_POST['meta_key'][$index]) : '';
                 $meta_field['display'] = isset($_POST['display'][$index]) ? sanitize_text_field((string) $_POST['display'][$index]) : '';
                 $meta_field['options'] = '';
                 if (isset($_POST['options'][$index])) {
                     // Loose in_array(): fine for these string values, but pass strict=true if ever reused.
                     if (in_array($meta_field['display'], array('checkbox', 'radio', 'select'))) {
                         /*.array[]string.*/
                         $field_options = explode(',', (string) $_POST['options'][$index]);
                         // Edits each option in place; the reference is not unset after
                         // the loop, but $field_options is only read by implode() below.
                         foreach ($field_options as &$field_option) {
                             $field_option = sanitize_text_field($field_option);
                         }
                         $meta_field['options'] = implode(',', $field_options);
                     } else {
                         $meta_field['options'] = sanitize_text_field((string) $_POST['options'][$index]);
                     }
                 }
                 $meta_field['escape_url'] = '0';
                 $meta_field['show_on_profile'] = isset($_POST['show_on_profile'][$index]) ? '1' : '0';
                 $meta_field['show_on_registration'] = isset($_POST['show_on_registration'][$index]) ? '1' : '0';
                 $meta_field['require_on_registration'] = isset($_POST['require_on_registration'][$index]) ? '1' : '0';
                 $meta_field['show_datepicker'] = isset($_POST['show_datepicker'][$index]) ? '1' : '0';
                 $meta_field['terms_content'] = isset($_POST['terms_content'][$index]) ? wp_kses_post((string) $_POST['terms_content'][$index]) : '';
                 $meta_field['terms_agreement_text'] = isset($_POST['terms_agreement_text'][$index]) ? wp_kses_post((string) $_POST['terms_agreement_text'][$index]) : '';
                 // strtotime() returns false for an unparseable date; that false is stored as-is.
                 $meta_field['date_revised'] = isset($_POST['date_revised'][$index]) ? strtotime((string) $_POST['date_revised'][$index]) : time();
                 if (empty($meta_field['meta_key'])) {
                     $meta_field['meta_key'] = 'rpr_' . Register_Plus_Redux::sanitize_text($meta_field['label']);
                 }
             }
             $redux_usermeta[] = $meta_field;
         }
     }
     // Newly added fields start with defaults; only the label comes from the form.
     if (isset($_POST['newMetaFields'])) {
         foreach ((array) $_POST['newMetaFields'] as $label) {
             $meta_field = array();
             $meta_field['label'] = sanitize_text_field($label);
             $meta_field['meta_key'] = 'rpr_' . Register_Plus_Redux::sanitize_text($meta_field['label']);
             $meta_field['display'] = '';
             $meta_field['options'] = '';
             $meta_field['escape_url'] = '0';
             $meta_field['show_on_profile'] = '0';
             $meta_field['show_on_registration'] = '0';
             $meta_field['require_on_registration'] = '0';
             $meta_field['show_datepicker'] = '0';
             $meta_field['terms_content'] = '';
             $meta_field['terms_agreement_text'] = '';
             $meta_field['date_revised'] = time();
             $redux_usermeta[] = $meta_field;
         }
     }
     $register_plus_redux->rpr_update_options($options);
     // Both option updates are skipped when nothing was submitted for them.
     if (!empty($invitation_code_bank)) {
         update_option('register_plus_redux_invitation_code_bank-rv1', $invitation_code_bank);
     }
     if (!empty($redux_usermeta)) {
         update_option('register_plus_redux_usermeta-rv2', $redux_usermeta);
     }
 }
 /**
  * Sanitize the field choices property.
  *
  * When $choices is null the method binds to $this->choices by reference, so
  * the property is updated in place as well as returned. Anything that is not
  * an array is returned untouched.
  *
  * Per choice: isSelected is cast to bool, a non-empty price is normalised via
  * GFCommon, text goes through maybe_wp_kses(), and value is run through the
  * kses pipeline in the 'post' context without entity encoding (NUL bytes and
  * disallowed markup are removed; permitted tags are kept).
  *
  * @param array|null $choices The field choices property.
  *
  * @return array|null
  */
 public function sanitize_settings_choices($choices = null)
 {
     if ($choices === null) {
         // Reference binding: edits below land on the property itself.
         $choices =& $this->choices;
     }
     if (!is_array($choices)) {
         return $choices;
     }

     foreach ($choices as &$entry) {
         if (isset($entry['isSelected'])) {
             $entry['isSelected'] = (bool) $entry['isSelected'];
         }
         if (!empty($entry['price'])) {
             $entry['price'] = GFCommon::to_money(GFCommon::to_number($entry['price']));
         }
         if (isset($entry['text'])) {
             $entry['text'] = $this->maybe_wp_kses($entry['text']);
         }
         if (isset($entry['value'])) {
             // Strip scripts but don't encode: no-null (keeping "\0" literals),
             // then the kses hook and splitter in the 'post' context.
             $protocols = wp_allowed_protocols();
             $cleaned = wp_kses_no_null($entry['value'], array('slash_zero' => 'keep'));
             $cleaned = wp_kses_hook($cleaned, 'post', $protocols);
             $entry['value'] = wp_kses_split($cleaned, 'post', $protocols);
         }
     }

     return $choices;
 }
 /**
  * Override this method to implement the appropriate sanitization specific to the field type before the value is saved.
  *
  * This base method provides a generic sanitization similar to wp_kses but values are not encoded.
  * Scripts are stripped out leaving allowed tags if HTML is allowed.
  *
  * The allowable tag list starts as $this->allow_html() and may be replaced by
  * the 'gform_allowable_tags' filter; when the result is exactly `true`, the
  * strip_tags() step is skipped and only the kses pass ('post' context) applies.
  *
  * @param string $value The field value to be processed.
  * @param int $form_id The ID of the form currently being processed.
  *
  * @return string
  */
 public function sanitize_entry_value($value, $form_id)
 {
     // Array values are not handled by the generic path; they are discarded.
     if (is_array($value)) {
         return '';
     }

     //allow HTML for certain field types
     $allowable_tags = gf_apply_filters(array('gform_allowable_tags', $form_id), $this->allow_html(), $this, $form_id);
     $clean = $allowable_tags === true ? $value : strip_tags($value, $allowable_tags);

     // kses pass without encoding: NUL bytes removed ("\0" literals kept),
     // then the hook and the tag/attribute/protocol splitter in the 'post' context.
     $protocols = wp_allowed_protocols();
     $clean = wp_kses_no_null($clean, array('slash_zero' => 'keep'));
     $clean = wp_kses_hook($clean, 'post', $protocols);

     return wp_kses_split($clean, 'post', $protocols);
 }
 /**
  * Sanitize user-entered CSS through CSSTidy.
  *
  * Based on http://wordpress.stackexchange.com/questions/53970/sanitize-user-entered-css
  *
  * The backslash of every 4-digit escape (`\XXXX`) is doubled before the
  * kses pass, kses with an empty allow-list strips every tag, and CSSTidy
  * (configured to discard invalid properties) re-prints the result.
  *
  * @param string $css Raw CSS supplied by the user.
  *
  * @return string The cleaned CSS as printed by CSSTidy.
  */
 function sanitize_css($css)
 {
     if (!class_exists('csstidy')) {
         include_once 'csstidy/class.csstidy.php';
     }
     $tidy = new csstidy();
     $config = array(
         'remove_bslash' => false,
         'compress_colors' => false,
         'compress_font-weight' => false,
         'discard_invalid_properties' => true,
         'merge_selectors' => false,
         'remove_last_;' => false,
         'css_level' => 'CSS3.0',
     );
     foreach ($config as $option => $setting) {
         $tidy->set_cfg($option, $setting);
     }
     $escaped = preg_replace('/\\\\([0-9a-fA-F]{4})/', '\\\\\\\\$1', $css);
     $tidy->parse(wp_kses_split($escaped, array(), array()));
     return $tidy->print->plain();
 }
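 /**
  * Escapes a string through the KSES filter with extra allowed/disallowed tags and protocols.
  *
  * The allow-list is WordPress' global $allowedposttags, extended by
  * $arrAllowedTags (which take precedence on conflict) and then reduced by
  * $arrDisallowedTags. The string then goes through the same steps as
  * wp_filter_post_kses() / wp_kses(): NUL removal, JavaScript entity removal,
  * entity normalization, the kses hook and finally the tag split.
  *
  * Tags added through $arrAllowedTags override the core post allow-list (the
  * example below re-enables 'style'), so that list should be static rather
  * than derived from user input.
  *
  * @param string $strString           The string to filter.
  * @param array  $arrAllowedTags      e.g. array( 'noscript' => array(), 'style' => array() )
  * @param array  $arrDisallowedTags   e.g. array( 'table', 'tbody', 'thoot', 'thead', 'th', 'tr' )
  * @param array  $arrAllowedProtocols Allowed link protocols; empty means wp_allowed_protocols().
  *
  * @return string The filtered string.
  */
 function EscapeAndFilterPostKSES($strString, $arrAllowedTags = array(), $arrDisallowedTags = array(), $arrAllowedProtocols = array())
 {
     global $allowedposttags;
     // The first parameter takes over the second.
     $arrAllowedHTML = $this->oUtil->UniteArraysRecursive($arrAllowedTags, $allowedposttags);
     foreach ($arrDisallowedTags as $strTag) {
         if (isset($arrAllowedHTML[$strTag])) {
             unset($arrAllowedHTML[$strTag]);
         }
     }
     if (empty($arrAllowedProtocols)) {
         $arrAllowedProtocols = wp_allowed_protocols();
     }
     // The addslashes()/stripslashes() pairs that used to wrap this pipeline
     // were a no-op (stripslashes() exactly undoes addslashes()) and are gone.
     $strString = wp_kses_no_null($strString);
     $strString = wp_kses_js_entities($strString);
     $strString = wp_kses_normalize_entities($strString);
     // The hook runs before the split, as in core wp_kses().
     $strString = wp_kses_hook($strString, $arrAllowedHTML, $arrAllowedProtocols);
     return wp_kses_split($strString, $arrAllowedHTML, $arrAllowedProtocols);
 }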
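 /**
  * Clean up CSS.
  * Minimal intervention, but prevent users from injecting garbage.
  *
  * The backslash of 2- to 4-digit escapes (`\XX`..`\XXXX`) is doubled so
  * they survive the kses pass, `<=` is protected from kses' greedy tag
  * matching, then kses and strip_tags() remove anything tag-like. The
  * $warnings collected along the way are not surfaced yet (see the TODO).
  *
  * @param string $css Raw CSS; slashes are stripped first (presumably to undo
  *                    slashed request data — confirm against the caller).
  *
  * @return string The cleaned CSS.
  */
 protected static function cleanupCss($css)
 {
     $warnings = array();
     $css = stripslashes($css);
     $prev = $css;
     $css = preg_replace('/\\\\([0-9a-fA-F]{2,4})/', '\\\\\\\\$1', $css);
     // Strict comparison: a loose != would compare numeric-looking strings by value.
     if ($css !== $prev) {
         $warnings[] = 'preg_replace() double escaped unicode escape sequences';
     }
     // Some people put weird stuff in their CSS, KSES tends to be greedy
     $css = str_replace('<=', '&lt;=', $css);
     $prev = $css;
     $css = wp_kses_split($css, array(), array());
     // kses replaces lone '>' with &gt;
     $css = str_replace('&gt;', '>', $css);
     $css = strip_tags($css);
     if ($css !== $prev) {
         $warnings[] = 'kses() and strip_tags() do not match';
     }
     // TODO: Something with $warnings[]
     return $css;
 }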
/**
 * Sanitize custom CSS entered by the user.
 *
 * `<=` is protected before kses runs because kses treats it as the start of
 * a tag. kses with an empty allow-list then strips every tag and turns a
 * lone '>' into '&gt;'; that '>' is restored and strip_tags() removes any
 * tag-like fragment the restoration may have recreated.
 *
 * @param string $value Raw CSS.
 *
 * @return string CSS with tags stripped.
 */
function fanoe_sanitize_custom_css($value)
{
    $protected = str_replace('<=', '&lt;=', $value);
    $stripped = str_replace('&gt;', '>', wp_kses_split($protected, array(), array()));
    return strip_tags($stripped);
}
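 /**
  * Sanitize the CSS for users without `unfiltered_html`.
  *
  * Users who may post unfiltered HTML get their CSS back untouched unless
  * $args['force'] is set. Everyone else goes through kses/strip_tags() to
  * remove tags and, when no preprocessor is in use, through CSSTidy with the
  * safecss optimiser so that invalid properties are discarded.
  *
  * @param string $css  Input CSS.
  * @param array  $args Array of CSS options: 'force' (bool, sanitize even for
  *                     privileged users) and 'preprocessor' (truthy skips CSSTidy).
  *
  * @return mixed|string The sanitized CSS, or the input unchanged for a user
  *                      with `unfiltered_html` when 'force' is not set.
  */
 public static function sanitize_css($css, $args = array())
 {
     $args = wp_parse_args($args, array('force' => false, 'preprocessor' => null));
     if (!$args['force'] && current_user_can('unfiltered_html')) {
         return $css;
     }
     $warnings = array();
     safecss_class();
     $csstidy = new csstidy();
     $csstidy->optimise = new safecss($csstidy);
     $csstidy->set_cfg('remove_bslash', false);
     $csstidy->set_cfg('compress_colors', false);
     $csstidy->set_cfg('compress_font-weight', false);
     $csstidy->set_cfg('optimise_shorthands', 0);
     $csstidy->set_cfg('remove_last_;', false);
     $csstidy->set_cfg('case_properties', false);
     $csstidy->set_cfg('discard_invalid_properties', true);
     $csstidy->set_cfg('css_level', 'CSS3.0');
     $csstidy->set_cfg('preserve_css', true);
     $csstidy->set_cfg('template', dirname(__FILE__) . '/csstidy/wordpress-standard.tpl');
     $prev = $css;
     // Double the backslash of 4-digit escapes so they survive kses.
     $css = preg_replace('/\\\\([0-9a-fA-F]{4})/', '\\\\\\\\$1', $css);
     // prevent content: '\3434' from turning into '\\3434'.
     $css = str_replace(array('\'\\\\', '"\\\\'), array('\'\\', '"\\'), $css);
     if ($css !== $prev) {
         $warnings[] = 'preg_replace found stuff';
     }
     // Some people put weird stuff in their CSS, KSES tends to be greedy.
     $css = str_replace('<=', '&lt;=', $css);
     $prev = $css;
     // Why KSES instead of strip_tags?  Who knows?
     $css = wp_kses_split($css, array(), array());
     // kses replaces lone '>' with &gt;
     $css = str_replace('&gt;', '>', $css);
     // Why both KSES and strip_tags?  Because we just added some '>'.
     $css = strip_tags($css);
     // Strict comparison, matching the check above; != compares numeric strings by value.
     if ($css !== $prev) {
         $warnings[] = 'kses found stuff';
     }
     // if we're not using a preprocessor.
     if (!$args['preprocessor']) {
         /** This action is documented in modules/custom-css/custom-css.php */
         do_action('safecss_parse_pre', $csstidy, $css, $args);
         $csstidy->parse($css);
         /** This action is documented in modules/custom-css/custom-css.php */
         do_action('safecss_parse_post', $csstidy, $warnings, $args);
         $css = $csstidy->print->plain();
     }
     return $css;
 }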
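 /**
  * Escapes the given string for the KSES filter with the criteria of allowing/disallowing tags and the protocol.
  *
  * The allow-list starts from the global $allowedposttags, gains every tag in
  * $aAllowedTags (with no attributes) and loses every tag in $aDisallowedTags.
  * The string then goes through the wp_kses() steps: NUL removal, JavaScript
  * entity removal, entity normalization, the kses hook and the tag split.
  *
  * Tags added through $aAllowedTags override the core post allow-list (the
  * example below re-enables 'style'), so keep that list static rather than
  * derived from user input.
  *
  * @remark           Attributes are not supported at this moment.
  * @param            string           $sString                     The string to escape.
  * @param            array            $aAllowedTags                e.g. array( 'noscript', 'style', )
  * @param            array            $aDisallowedTags             e.g. array( 'table', 'tbody', 'thoot', 'thead', 'th', 'tr' )
  * @param            array            $aAllowedProtocols           Allowed link protocols; empty means wp_allowed_protocols().
  * @return           string
  * @since            2.0.0
  */
 public static function escapeKSESFilter($sString, $aAllowedTags = array(), $aDisallowedTags = array(), $aAllowedProtocols = array())
 {
     // Initialised up front: with an empty $aAllowedTags this variable was
     // previously left undefined and null reached uniteArrays().
     $aFormatAllowedTags = array();
     foreach ($aAllowedTags as $sTag) {
         // No attributes are allowed on the added tags.
         $aFormatAllowedTags[$sTag] = array();
     }
     // the first parameter takes over the second.
     $aAllowedHTMLTags = AmazonAutoLinks_Utility::uniteArrays($aFormatAllowedTags, $GLOBALS['allowedposttags']);
     foreach ($aDisallowedTags as $sTag) {
         if (isset($aAllowedHTMLTags[$sTag])) {
             unset($aAllowedHTMLTags[$sTag]);
         }
     }
     if (empty($aAllowedProtocols)) {
         $aAllowedProtocols = wp_allowed_protocols();
     }
     // The addslashes()/stripslashes() pairs that used to wrap this pipeline
     // were a no-op (stripslashes() exactly undoes addslashes()) and are gone.
     $sString = wp_kses_no_null($sString);
     $sString = wp_kses_js_entities($sString);
     $sString = wp_kses_normalize_entities($sString);
     // The hook runs before the split, as in core wp_kses().
     $sString = wp_kses_hook($sString, $aAllowedHTMLTags, $aAllowedProtocols);
     return wp_kses_split($sString, $aAllowedHTMLTags, $aAllowedProtocols);
 }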
    /**
     * CSS validation
     * Much of this code is courtesy of SafeCSS by Automattic and CSSTidy
     *
     * The input is first sanitized (escape doubling, kses with an empty
     * allow-list, strip_tags), then parsed and re-printed by CSSTidy with the
     * safecss optimiser, and finally re-indented by a series of string
     * replacements. The pretty-printing part is best-effort and sensitive to
     * the PHP version (see the note on $count below).
     *
     * @since 0.1
     * @author Ryan Hellyer <*****@*****.**>
     * @param string $css Raw CSS entered by the user.
     * @return string Sanitized, re-formatted CSS.
     */
    private function validate_css($css)
    {
        // SafeCSS / CSSTidy stuff
        $csstidy = new csstidy();
        $csstidy->optimise = new safecss($csstidy);
        $csstidy->set_cfg('remove_bslash', false);
        $csstidy->set_cfg('compress_colors', false);
        $csstidy->set_cfg('compress_font-weight', false);
        $csstidy->set_cfg('discard_invalid_properties', true);
        $csstidy->set_cfg('merge_selectors', false);
        $csstidy->set_cfg('preserve_css', true);
        // Outputs code comments
        // $csstidy->set_cfg( 'lowercase_s', false );
        // $csstidy->set_cfg( 'optimise_shorthands', 1 );
        // $csstidy->set_cfg( 'remove_last_;', false );
        // $csstidy->set_cfg( 'case_properties', 1 );
        // $csstidy->set_cfg( 'sort_properties', false );
        // $csstidy->set_cfg( 'sort_selectors', false );
        // Sanitisation stuff copied from SafeCSS by Automattic
        // NOTE(review): stripslashes() presumably undoes slashed request data — confirm against the caller.
        $css = stripslashes($css);
        // Double the backslash of 4-digit escapes so they survive kses.
        $css = preg_replace('/\\\\([0-9a-fA-F]{4})/', '\\\\\\\\$1', $prev = $css);
        $css = str_replace('<=', '&lt;=', $css);
        // Some people put weird stuff in their CSS, KSES tends to be greedy
        $css = wp_kses_split($prev = $css, array(), array());
        // Why KSES instead of strip_tags?  Who knows?
        $css = str_replace('&gt;', '>', $css);
        // kses replaces lone '>' with &gt;
        $css = strip_tags($css);
        // Why both KSES and strip_tags?  Because we just added some '>'.
        // Parse with CSS tidy
        $csstidy->parse($css);
        // Grab the CSSTidy output
        $css = $csstidy->print->plain();
        /**
         * Make the CSS pretty
         * This code is quite crude, but it works fine and it's not hideously inefficient so we'll do for the mean time :)
         * @since 0.9
         */
        // Strip newlines (the pattern is /\n/).
        $css = preg_replace('/\\n/', '', $css);
        // Add a newline and tab after ";"
        $css = str_replace(';', ';
	', $css);
        // Adding space back in before !important declaration
        $css = str_replace('!important;', ' !important;', $css);
        //$css = str_replace( '#suckerfishnav', '.pixopoint', $css ); // Legacy support for CSS generator and older PixoPoint plugins
        // Remove tab before and add a newline after "}"
        $css = str_replace('
	}', '
}
', $css);
        // Add newline and tab after "{"
        $css = str_replace('{', '{
	', $css);
        // Add newline after a code comment
        $css = str_replace('*/', '*/
', $css);
        // Add a newline before a code comment
        $css = str_replace('/*', '
/*', $css);
        // Code Comments
        // Prevents comments showing up immediately after } symbol
        $css = str_replace("}/*", "}\n/*", $css);
        // Nested brace correction: indents the inner closing brace
        $css = str_replace("}\n}", "\t}\n}", $css);
        $css = explode('{', $css);
        // The following is hideous code - but it works so will probably remain here until some kind soul offers to rewrite it
        foreach ($css as $piece => $chunk) {
            if (!isset($count)) {
                $count = '';
            }
            // NOTE(review): '' == 0 is true on PHP 7 but false on PHP 8 (and '' increments
            // to '1', '2', ... which never equal 0 either), so on PHP 8 this branch is never
            // entered and the per-chunk formatting below is skipped — confirm the target PHP version.
            if ($count == 0) {
                $chunk = explode('}', $chunk);
                if (!isset($chunk[1])) {
                    $chunk[1] = '';
                }
                // Adds newline after comma - doesn't work with first line
                $chunk[1] = str_replace(',', ',
', $chunk[1]);
                // Add spaces after colons - needs to be here to avoid messing up pseudo-classes
                $chunk[0] = str_replace(':', ': ', $chunk[0]);
                //$chunk[0] = str_replace( ',', ',', $chunk[0] ); // Add space after comma - mainly for font-family declarations - doesn't work
                $chunk = implode('}', $chunk);
                $count = -1;
            }
            $css[$piece] = $chunk;
            $count++;
        }
        $css = implode('{', $css);
        // Nasty hack to fix "{}" code bug
        $css = str_replace('}{', '{', $css);
        // Nasty hack to remove final "}"
        $css = substr($css, 0, -1);
        return $css;
    }
 /**
  * Override this method to implement the appropriate sanitization specific to the field type before the value is saved.
  *
  * This base method provides a generic sanitization similar to wp_kses but values are not encoded.
  * Scripts are stripped out leaving tags allowed by the gform_allowable_tags filter. The whole
  * step can be switched off through the provisional gform_sanitize_entry_value filter, in which
  * case the value is returned exactly as submitted.
  *
  * @param string $value   The field value to be processed.
  * @param int    $form_id The ID of the form currently being processed.
  *
  * @return string The sanitized value; an array value yields ''.
  */
 public function sanitize_entry_value($value, $form_id)
 {
     if (is_array($value)) {
         return '';
     }
     /**
      * Provisional filter - may be subject to change or removal.
      *
      * @param bool     $sanitize Whether to sanitize the value.
      * @param int      $form_id  The current form ID.
      * @param GF_Field $this     The field being processed.
      */
     if (!apply_filters('gform_sanitize_entry_value', true, $form_id, $this)) {
         return $value;
     }
     //allow HTML for certain field types
     $allowable_tags = gf_apply_filters(array('gform_allowable_tags', $form_id), $this->allow_html(), $this, $form_id);
     if (true !== $allowable_tags) {
         $value = strip_tags($value, $allowable_tags);
     }
     $protocols = wp_allowed_protocols();
     $stripped = wp_kses_no_null($value, array('slash_zero' => 'keep'));
     $stripped = wp_kses_hook($stripped, 'post', $protocols);
     return wp_kses_split($stripped, 'post', $protocols);
 }
/**
 * sanitize css input
 *
 * Protects `<=` from kses, strips every tag through kses with an empty
 * allow-list, restores the '>' that kses entity-encodes and finally runs
 * strip_tags(). An empty input is returned unchanged.
 *
 * @since 1.1.1
 * @access private
 *
 * @param string $css Raw CSS.
 *
 * @return string Sanitized CSS.
 */
function omega_custom_css_sanitize($css)
{
    if ($css == '') {
        return $css;
    }
    $escaped = str_replace('<=', '&lt;=', $css);
    $escaped = wp_kses_split($escaped, array(), array());
    return strip_tags(str_replace('&gt;', '>', $escaped));
}
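 /**
  * Sanitize an inline style declaration list for use in a style attribute.
  *
  * The declarations are wrapped in a `$element { ... }` rule so that CSSTidy
  * (with the safecss optimiser, discarding invalid properties) can parse
  * them, then the declaration list is extracted back out of the printed
  * rule. Anything CSSTidy rejects, or a result that no longer matches the
  * wrapper rule, yields ''.
  *
  * @param string $css     Declaration list, e.g. "color: red; width: 10px".
  * @param string $element Selector used for the wrapper rule; matched
  *                        literally when extracting the result.
  *
  * @return string The sanitized declaration list, or '' when nothing survives.
  */
 static function filter_attr($css, $element = 'div')
 {
     safecss_class();
     $css = $element . ' {' . $css . '}';
     $csstidy = new csstidy();
     $csstidy->optimise = new safecss($csstidy);
     $csstidy->set_cfg('remove_bslash', false);
     $csstidy->set_cfg('compress_colors', false);
     $csstidy->set_cfg('compress_font-weight', false);
     $csstidy->set_cfg('discard_invalid_properties', true);
     $csstidy->set_cfg('merge_selectors', false);
     $csstidy->set_cfg('remove_last_;', false);
     $csstidy->set_cfg('css_level', 'CSS3.0');
     // Double the backslash of 4-digit escapes so they survive kses.
     $css = preg_replace('/\\\\([0-9a-fA-F]{4})/', '\\\\\\\\$1', $css);
     $css = wp_kses_split($css, array(), array());
     $csstidy->parse($css);
     $css = $csstidy->print->plain();
     // Collapse to one line so the (.*) below can span the whole rule.
     $css = str_replace(array("\n", "\r", "\t"), '', $css);
     // preg_quote() keeps $element from being interpreted as pattern syntax.
     $matches = array();
     preg_match('/^' . preg_quote($element, '/') . '\\s*{(.*)}\\s*$/', $css, $matches);
     if (empty($matches[1])) {
         return '';
     }
     return $matches[1];
 }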
 /**
  * Strip scripts and some HTML tags.
  *
  * Tags outside the field's allowable set are removed with strip_tags(),
  * then the value goes through the kses 'post' context (NUL removal, hook,
  * split) without being entity-encoded.
  *
  * @param string $value   The field value to be processed.
  * @param int    $form_id The ID of the form currently being processed.
  *
  * @return string The sanitized value; an array value yields ''.
  */
 public function sanitize_entry_value($value, $form_id)
 {
     if (is_array($value)) {
         return '';
     }
     $allowable_tags = $this->get_allowable_tags($form_id);
     if (true !== $allowable_tags) {
         $value = strip_tags($value, $allowable_tags);
     }
     $protocols = wp_allowed_protocols();
     $stripped = wp_kses_no_null($value, array('slash_zero' => 'keep'));
     $stripped = wp_kses_hook($stripped, 'post', $protocols);
     return wp_kses_split($stripped, 'post', $protocols);
 }
/**
 * Filters content and keeps only allowable HTML elements.
 *
 * This function makes sure that only the allowed HTML element names, attribute
 * names and attribute values plus only sane HTML entities will occur in
 * $string. You have to remove any slashes from PHP's magic quotes before you
 * call this function.
 *
 * The default allowed protocols are 'http', 'https', 'ftp', 'mailto', 'news',
 * 'irc', 'gopher', 'nntp', 'feed', 'telnet, 'mms', 'rtsp' and 'svn'. This
 * covers all common link protocols, except for 'javascript' which should not
 * be allowed for untrusted users.
 *
 * @since 1.0.0
 *
 * @param string $string            Content to filter through kses
 * @param array  $allowed_html      List of allowed HTML elements
 * @param array  $allowed_protocols Optional. Allowed protocol in links; empty means wp_allowed_protocols().
 * @return string Filtered content with only allowed HTML elements
 */
function wp_kses($string, $allowed_html, $allowed_protocols = array())
{
    $protocols = empty($allowed_protocols) ? wp_allowed_protocols() : $allowed_protocols;
    // NUL bytes go first, then JavaScript entities, then entity normalization,
    // so the hook and the split see a canonical string.
    $filtered = wp_kses_no_null($string, array('slash_zero' => 'keep'));
    $filtered = wp_kses_normalize_entities(wp_kses_js_entities($filtered));
    // The hook runs before the split and receives the same arguments.
    $filtered = wp_kses_hook($filtered, $allowed_html, $protocols);
    return wp_kses_split($filtered, $allowed_html, $protocols);
}
 /**
  * Filters content and keeps only allowable HTML elements.
  *
  * This is the same function as built into WP, but with optional allowing of keeping "&".
  * When $skip_normalize_entities is true the entity-normalization step is left
  * out, so entities reach the hook and the split exactly as written; callers
  * passing true should confirm the output is encoded for its final context.
  *
  * @param string $string                  Content to filter through kses
  * @param array  $allowed_html            List of allowed HTML elements
  * @param array  $allowed_protocols       Optional. Allowed protocol in links; empty means wp_allowed_protocols().
  * @param bool   $skip_normalize_entities Optional. Skip wp_kses_normalize_entities().
  * @return string Filtered content with only allowed HTML elements
  */
 function wp_kses($string, $allowed_html, $allowed_protocols = array(), $skip_normalize_entities = false)
 {
     $protocols = empty($allowed_protocols) ? wp_allowed_protocols() : $allowed_protocols;
     $filtered = wp_kses_js_entities(wp_kses_no_null($string));
     if (!$skip_normalize_entities) {
         $filtered = wp_kses_normalize_entities($filtered);
     }
     // The hook runs before the split and receives the same arguments.
     $filtered = wp_kses_hook($filtered, $allowed_html, $protocols);
     return wp_kses_split($filtered, $allowed_html, $protocols);
 }