$newcontent = stripslashes($_POST['newcontent']); $theme = urlencode($theme); if (is_writeable($file)) { //is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable $f = fopen($file, 'w+'); if ($f !== FALSE) { fwrite($f, $newcontent); fclose($f); $location = "theme-editor.php?file={$file}&theme={$theme}&a=te&scrollto={$scrollto}"; } else { $location = "theme-editor.php?file={$file}&theme={$theme}&scrollto={$scrollto}"; } } else { $location = "theme-editor.php?file={$file}&theme={$theme}&scrollto={$scrollto}"; } $location = nxt_kses_no_null($location); $strip = array('%0d', '%0a', '%0D', '%0A'); $location = _deep_replace($strip, $location); header("Location: {$location}"); exit; break; default: require_once ABSPATH . 'nxt-admin/admin-header.php'; update_recently_edited($file); if (!is_file($file)) { $error = 1; } $content = ''; if (!$error && filesize($file) > 0) { $f = fopen($file, 'r'); $content = fread($f, filesize($file));
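/**
 * Inline CSS filter.
 *
 * Keeps only the `property: value` declarations whose property name appears in
 * the `safe_style_css` allow-list, and rejects the whole attribute when it
 * contains characters commonly used to smuggle expressions or escapes into a
 * style attribute: `\`, `(`, `&`, `=`, `}` or a `/*` comment opener.
 *
 * Fixes in this revision:
 *  - the reject pattern previously read `[\(&=}]`, which does NOT match a
 *    backslash even though the comment said it did; the class now contains a
 *    literal backslash so CSS escape sequences cannot re-encode a rejected
 *    character;
 *  - `split()` (removed in PHP 7) is replaced by `explode()`;
 *  - declarations are trimmed before the empty check, so a whitespace-only
 *    item no longer produces a stray trailing `;`;
 *  - the allow-list lookup is strict.
 *
 * @since 2.8.1
 *
 * @param string $css        Raw contents of a style attribute (untrusted).
 * @param string $deprecated Unused; triggers a deprecation notice when non-empty.
 * @return string Filtered declaration list, or '' when the input is rejected.
 */
function safecss_filter_attr($css, $deprecated = '') {
    if (!empty($deprecated)) {
        _deprecated_argument(__FUNCTION__, '2.8.1'); // Never implemented
    }

    $css = nxt_kses_no_null($css);
    $css = str_replace(array("\n", "\r", "\t"), '', $css);

    // Reject any inline css containing \ ( & = } or a comment opener.
    // Single-quoted: '\\\\' is two backslashes to PCRE, i.e. one literal backslash in the class.
    if (preg_match('%[\\\\(&=}]|/\\*%', $css)) {
        return '';
    }

    $allowed_attr = apply_filters('safe_style_css', array('text-align', 'margin', 'color', 'float', 'border', 'background', 'background-color', 'border-bottom', 'border-bottom-color', 'border-bottom-style', 'border-bottom-width', 'border-collapse', 'border-color', 'border-left', 'border-left-color', 'border-left-style', 'border-left-width', 'border-right', 'border-right-color', 'border-right-style', 'border-right-width', 'border-spacing', 'border-style', 'border-top', 'border-top-color', 'border-top-style', 'border-top-width', 'border-width', 'caption-side', 'clear', 'cursor', 'direction', 'font', 'font-family', 'font-size', 'font-style', 'font-variant', 'font-weight', 'height', 'letter-spacing', 'line-height', 'margin-bottom', 'margin-left', 'margin-right', 'margin-top', 'overflow', 'padding', 'padding-bottom', 'padding-left', 'padding-right', 'padding-top', 'text-decoration', 'text-indent', 'vertical-align', 'width'));

    // An empty allow-list means "no filtering" (pre-existing contract).
    if (empty($allowed_attr)) {
        return $css;
    }

    $kept = array();
    foreach (explode(';', trim($css)) as $css_item) {
        $css_item = trim($css_item);
        if ($css_item === '') {
            continue;
        }

        // Items without a colon carry no property name and are passed through
        // unchanged (pre-existing behaviour; the dangerous characters were
        // already rejected above).
        if (strpos($css_item, ':') === false) {
            $kept[] = $css_item;
            continue;
        }

        // Limit 2 keeps a value that itself contains ':' (e.g. a URL) intact.
        $parts = explode(':', $css_item, 2);
        if (in_array(trim($parts[0]), $allowed_attr, true)) {
            $kept[] = $css_item;
        }
    }

    return implode(';', $kept);
}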
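/**
 * Sanitizes a URL for use in a redirect.
 *
 * Strips every character outside a conservative allow-list (which removes raw
 * CR/LF, whitespace and quotes), removes NUL bytes via nxt_kses_no_null(), and
 * then repeatedly removes percent-encoded CR/LF until a pass removes nothing,
 * so nested encodings such as `%%0d0d` cannot survive a single pass.
 *
 * Fix: the character allow-list is matched with the `i` flag, so an upper-case
 * `%0D` / `%0A` used to pass through untouched while only the lower-case forms
 * were stripped. Both cases are now removed, matching the `_deep_replace`
 * variant of this function.
 *
 * @since 2.3
 *
 * @param string $location Untrusted redirect target.
 * @return string redirect-sanitized URL
 */
function nxt_sanitize_redirect($location) {
    $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%!]|i', '', $location);
    $location = nxt_kses_no_null($location);

    // Remove encoded CR/LF in either case. Loop to a fixpoint: deleting one
    // token can expose another (e.g. %%0d0d -> %0d), so one pass is not enough.
    $strip = array('%0d', '%0a', '%0D', '%0A');
    do {
        $before = $location;
        foreach ($strip as $val) {
            $location = str_replace($val, '', $location);
        }
    } while ($location !== $before);

    return $location;
}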
/**
 * Retrieve the post content.
 *
 * Builds the content of the current page of the global $post: returns the
 * password form when the post is protected, otherwise the teaser (the text
 * before a `<!--more-->` marker) plus either the remainder of the content or a
 * "more" link, depending on the global $more flag.
 *
 * Reads and, for $page, also writes the globals it declares: $page is clamped
 * to count($pages) when the requested page does not exist.
 *
 * @since 0.71
 *
 * @param string $more_link_text Optional. Content for when there is more text.
 *                               May be overridden by text inside the
 *                               `<!--more ...-->` marker of the post itself.
 * @param bool $stripteaser Optional. Strip teaser content before the more text. Default is false.
 *                          Forced to true when the post contains `<!--noteaser-->`
 *                          and this is a single-page post or its first page.
 * @return string
 */
function get_the_content($more_link_text = null, $stripteaser = false) {
    global $post, $more, $page, $pages, $multipage, $preview;
    if (null === $more_link_text) {
        $more_link_text = __('(more...)');
    }
    $output = '';
    $hasTeaser = false;
    // If post password required and it doesn't match the cookie.
    if (post_password_required($post)) {
        $output = get_the_password_form();
        return $output;
    }
    if ($page > count($pages)) { // if the requested page doesn't exist
        $page = count($pages);
    } // give them the highest numbered page that DOES exist
    // NOTE(review): when $pages is empty this indexes $pages[-1]; callers
    // presumably guarantee at least one page — confirm.
    $content = $pages[$page - 1];
    if (preg_match('/<!--more(.*?)?-->/', $content, $matches)) {
        $content = explode($matches[0], $content, 2);
        // Link text taken from the post body: NUL-stripped and tag-stripped
        // before it is interpolated into the anchor below.
        if (!empty($matches[1]) && !empty($more_link_text)) {
            $more_link_text = strip_tags(nxt_kses_no_null(trim($matches[1])));
        }
        $hasTeaser = true;
    } else {
        $content = array($content);
    }
    if (false !== strpos($post->post_content, '<!--noteaser-->') && (!$multipage || $page == 1)) {
        $stripteaser = true;
    }
    $teaser = $content[0];
    if ($more && $stripteaser && $hasTeaser) {
        $teaser = '';
    }
    $output .= $teaser;
    if (count($content) > 1) {
        if ($more) {
            // Full view: anchor target for the "more" link, then the rest of the content.
            $output .= '<span id="more-' . $post->ID . '"></span>' . $content[1];
        } else {
            // Teaser view: append the "more" link (filterable) and close any
            // tags the teaser cut open.
            if (!empty($more_link_text)) {
                $output .= apply_filters('the_content_more_link', ' <a href="' . get_permalink() . "#more-{$post->ID}\" class=\"more-link\">{$more_link_text}</a>", $more_link_text);
            }
            $output = force_balance_tags($output);
        }
    }
    if ($preview) { // preview fix for javascript bug with foreign languages
        // Turns %uXXXX sequences into HTML entities via the named callback.
        $output = preg_replace_callback('/\\%u([0-9A-F]{4})/', '_convert_urlencoded_to_entities', $output);
    }
    return $output;
}
/**
 * Prepares a link value for output.
 *
 * Values without a dot are treated as stray words rather than URLs and
 * discarded; anything else is NUL-stripped and run through esc_url().
 *
 * @param string $link Raw link text.
 * @return string Escaped URL, or '' when the value does not look like a link.
 */
function bb_fix_link($link) {
    // these are usually random words
    $looksLikeUrl = strpos($link, '.') !== false;
    if (!$looksLikeUrl) {
        return '';
    }

    return esc_url(nxt_kses_no_null($link));
}
/**
 * Sanitizes a URL for use in a redirect.
 *
 * Reduces the value to a conservative character set (dropping raw CR/LF,
 * whitespace and quotes), strips NUL bytes, and hands the percent-encoded
 * CR/LF tokens in both cases to _deep_replace() — presumably repeated until
 * no occurrence is left; confirm against that helper.
 *
 * @since 2.3
 *
 * @param string $location Redirect target to sanitize.
 * @return string redirect-sanitized URL
 */
function nxt_sanitize_redirect($location) {
    $disallowedChars = '|[^a-z0-9-~+_.?#=&;,/:%!]|i';
    $encodedCrlf = array('%0d', '%0a', '%0D', '%0A');

    $clean = nxt_kses_no_null(preg_replace($disallowedChars, '', $location));

    // remove %0d and %0a from location
    return _deep_replace($encodedCrlf, $clean);
}