function get_plugin_version($author)
{
    require_once ABSPATH . '/wp-admin/includes/plugin.php';
    if ($author !== '') {
        $plugin_author = $author;
    } else {
        $plugin_author = '*';
    }
    $plugins = get_plugins();
    $plugins_allowedtags1 = array('a' => array('href' => array(), 'title' => array()), 'abbr' => array('title' => array()), 'acronym' => array('title' => array()), 'code' => array(), 'em' => array(), 'strong' => array());
    foreach ($plugins as $plugin_file => $plugin_data) {
        $plugin_data['Title'] = wp_kses($plugin_data['Title'], $plugins_allowedtags1);
        $plugin_data['Title'] = $plugin_data['PluginURI'] ? '<a href="' . $plugin_data['PluginURI'] . '">' . $plugin_data['Title'] . '</a>' : $plugin_data['Title'];
        $plugin_data['Version'] = wp_kses($plugin_data['Version'], $plugins_allowedtags1);
        $plugin_data['Author'] = wp_kses($plugin_data['Author'], $plugins_allowedtags1);
        $plugin_data['Author'] = empty($plugin_data['Author']) ? '' : ' <cite>' . sprintf(__('%s', 'wp-list-plugins'), $plugin_data['AuthorURI'] ? '<a href="' . $plugin_data['AuthorURI'] . '">' . $plugin_data['Author'] . '</a>' : $plugin_data['Author']) . '.</cite>';
        $local_version = $plugin_data['Version'];
        //    $local_version='0.5';
        if (strpos($plugin_data['Author'], $plugin_author) == true || strpos($plugin_data['Name'], 'Rob') == true || $author == '') {
            $var_sHtml .= "<li>{$plugin_data['Title']} (v. {$plugin_data['Version']} ) By {$plugin_data['Author']}.</li>";
            $p_arr = explode("/", $plugin_file);
            $p_file = $p_arr[0];
            compare_versions($p_file, $local_version);
        }
        $var_iPlugInNumber++;
    }
    if (is_admin()) {
        echo $var_sHtml;
    }
    return $var_sHtml;
}
示例#2
0
 public function shortcode($atts, $content = null)
 {
     $attributes = shortcode_atts(array('title' => ''), $atts);
     $attributes['title'] = wp_kses($attributes['title'], array());
     $output = sprintf('<div class="st-toggle"><a class="text-primary" href="#">%s</a><div class="st-toggle-content">%s</div></div>', $attributes['title'], do_shortcode($content));
     return $output;
 }
示例#3
0
 function check($files)
 {
     $result = true;
     /**
      * Extract the theme name from style.css.
      */
     $css = $this->merge_files($files, 'css');
     preg_match('|Theme Name:(.*)$|mi', $css, $theme_name);
     $name = isset($theme_name[1]) ? wp_kses(trim($theme_name[1]), array()) : '';
     /**
      * Check if the theme name exists.
      */
     $this->increment_check_count();
     if (empty($name)) {
         $this->add_error('theme-name', 'The theme name needs to be indicated in style.css.', Basescanner::LEVEL_BLOCKER);
         $result = false;
         // There is no point in continuing of there is no theme name.
         return $result;
     }
     /**
      * List of all the words (case insensitive) that can't be part of the theme name.
      */
     $this->increment_check_count();
     $forbidden_words = array('blog', 'creative', 'css3', 'css 3', 'framework', 'html5', 'html 5', 'pro', 'responsive', 'skin', 'template', 'theme', 'Twenty', 'WordPress', 'WordPress.com', 'WP', 'WP.com');
     foreach ($forbidden_words as $word) {
         if (preg_match('/(\\s|^)' . $word . '(\\s|$)/i', $name)) {
             $this->add_error('theme-name', 'Found the word <em>' . esc_html($word) . '</em> in the theme name. This word is not allowed, please remove it.', Basescanner::LEVEL_BLOCKER);
             $result = false;
         }
     }
     return $result;
 }
    /**
     * HTML to display after the section.
     *
     * @return string
     * @access public
     */
    public function after_section()
    {
        ?>
			</div>
			<div class="apple-news-settings-preview">
				<?php 
        // Build sample content
        $settings = new Admin_Apple_Settings();
        $title = sprintf('<h1 class="apple-news-title apple-news-component">%s</h1>', __('Sample Article', 'apple-news'));
        $cover = sprintf('<div class="apple-news-cover">%s</div>', __('Cover', 'apple-news'));
        // Build the byline
        $author = __('John Doe', 'apple-news');
        $date = date('M j, Y g:i A');
        $export = new Apple_Actions\Index\Export($settings->fetch_settings());
        $byline = sprintf('<div class="apple-news-byline apple-news-component">%s</div>', $export->format_byline(null, $author, $date));
        // Get the order of the top components
        $component_order = self::get_value('meta_component_order');
        foreach ($component_order as $component) {
            echo wp_kses(${$component}, self::$allowed_html);
        }
        ?>
				<div class="apple-news-component">
				<p><span class="apple-news-dropcap">L</span>orem ipsum dolor sit amet, consectetur adipiscing elit. Mauris sagittis, <a href="#">augue vitae iaculis euismod</a>, libero nulla pellentesque quam, non venenatis massa odio id dolor.</p>
				<div class="apple-news-pull-quote">Lorem ipsum dolor sit amet.</div>
				<p>Praesent eget odio vel sapien scelerisque euismod. Phasellus eros sapien, rutrum ac nibh nec, tristique commodo neque.</p>
				<h2>Quisque efficitur</h2>
				<p>Quisque efficitur sit amet ex et venenatis. Morbi nisi nisi, ornare id iaculis eget, pulvinar ac dolor.</p>
				<p>In eu la	cus porttitor, pellentesque diam et, tristique elit. Mauris justo odio, efficitur sit amet aliquet id, aliquam placerat turpis.</p>
				</div>
			</div>
		</div>
		<?php 
    }
示例#5
0
function wp_stream_reports_selector($data_types, $args, $class)
{
    $options = array();
    foreach ($data_types as $key => $item) {
        $selected = false;
        if (isset($item['connector']) && $item['connector'] == $args['connector_id'] && isset($item['context']) && $item['context'] == null) {
            $selected = true;
        } else {
            if (isset($item['action']) && $item['action'] == $args['action_id']) {
                $selected = true;
            }
        }
        $option_args = array('value' => $key, 'label' => isset($item['label']) ? $item['label'] : null, 'selected' => selected($selected, true, false), 'disabled' => isset($item['disabled']) ? $item['disabled'] : null, 'class' => isset($item['children']) ? 'level-1' : null, 'connector' => isset($item['connector']) ? $item['connector'] : null, 'context' => isset($item['context']) ? $item['context'] : null, 'action' => isset($item['action']) ? $item['action'] : null);
        $options[] = wp_stream_reports_filter_option($option_args);
        if (isset($item['children'])) {
            foreach ($item['children'] as $child_value => $child_item) {
                $selected = false;
                if (isset($child_item['connector']) && $child_item['connector'] == $args['connector_id'] && isset($child_item['context']) && $child_item['context'] == $args['context_id']) {
                    $selected = true;
                }
                $option_args = array('value' => $child_value, 'label' => isset($child_item['label']) ? $child_item['label'] : null, 'selected' => selected($selected, true, false), 'disabled' => isset($child_item['disabled']) ? $child_item['disabled'] : null, 'class' => 'level-2', 'connector' => isset($child_item['connector']) ? $child_item['connector'] : null, 'context' => isset($child_item['context']) ? $child_item['context'] : null, 'action' => isset($child_item['action']) ? $child_item['action'] : null);
                $options[] = wp_stream_reports_filter_option($option_args);
            }
        }
    }
    $allowed_html = array('option' => array('value' => array(), 'selected' => array(), 'disabled' => array(), 'class' => array(), 'data-connector' => array(), 'data-context' => array(), 'data-action' => array()));
    printf('<select class="%s">%s</select>', esc_attr($class), wp_kses(implode('', $options), $allowed_html));
}
示例#6
0
function archives_shortcode($attr)
{
    if (is_feed()) {
        return '[archives]';
    }
    global $allowedposttags;
    $default_atts = array('type' => 'postbypost', 'limit' => '', 'format' => 'html', 'showcount' => false, 'before' => '', 'after' => '', 'order' => 'desc');
    extract(shortcode_atts($default_atts, $attr));
    if (!in_array($type, array('yearly', 'monthly', 'daily', 'weekly', 'postbypost'))) {
        $type = 'postbypost';
    }
    if (!in_array($format, array('html', 'option', 'custom'))) {
        $format = 'html';
    }
    if ('' != $limit) {
        $limit = (int) $limit;
    }
    $showcount = (bool) $showcount;
    $before = wp_kses($before, $allowedposttags);
    $after = wp_kses($after, $allowedposttags);
    // Get the archives
    $archives = wp_get_archives('type=' . $type . '&limit=' . $limit . '&format=' . $format . '&echo=0&show_post_count=' . $showcount . '&before=' . $before . '&after=' . $after);
    if ('asc' == $order) {
        $archives = implode("\n", array_reverse(explode("\n", $archives)));
    }
    // Check to see if there are any archives
    if (empty($archives)) {
        $archives = '<p>' . __('Your blog does not currently have any published posts.', 'jetpack') . '</p>';
    } elseif ('option' == $format) {
        $archives = "<select name='archive-dropdown' onchange='document.location.href=this.options[this.selectedIndex].value;'><option value='" . get_permalink() . "'>--</option>" . $archives . "</select>";
    } elseif ('html' == $format) {
        $archives = '<ul>' . $archives . '</ul>';
    }
    return $archives;
}
示例#7
0
function flat_paging_nav()
{
    // Don't print empty markup if there's only one page.
    if ($GLOBALS['wp_query']->max_num_pages < 2) {
        return;
    }
    $paged = get_query_var('paged') ? intval(get_query_var('paged')) : 1;
    $pagenum_link = html_entity_decode(get_pagenum_link());
    $query_args = array();
    $url_parts = explode('?', $pagenum_link);
    if (isset($url_parts[1])) {
        wp_parse_str($url_parts[1], $query_args);
    }
    $pagenum_link = remove_query_arg(array_keys($query_args), $pagenum_link);
    $pagenum_link = trailingslashit($pagenum_link) . '%_%';
    $format = $GLOBALS['wp_rewrite']->using_index_permalinks() && !strpos($pagenum_link, 'index.php') ? 'index.php/' : '';
    $format .= $GLOBALS['wp_rewrite']->using_permalinks() ? user_trailingslashit('page/%#%', 'paged') : '?paged=%#%';
    // Set up paginated links.
    $links = paginate_links(array('base' => $pagenum_link, 'format' => $format, 'total' => $GLOBALS['wp_query']->max_num_pages, 'current' => $paged, 'mid_size' => 4, 'add_args' => array_map('urlencode', $query_args), 'prev_text' => __('<i class="fa fa-chevron-left"></i>', 'flat'), 'next_text' => __('<i class="fa fa-chevron-right"></i>', 'flat')));
    $allowed_html = array('a' => array('href' => array(), 'class' => array()), 'span' => array('class' => array()), 'i' => array('class' => array()));
    if ($links) {
        ?>
		<nav class="navigation paging-navigation" role="navigation">
			<div class="nav-links">
				<?php 
        echo wp_kses($links, $allowed_html);
        ?>
			</div>
		</nav>
	<?php 
    }
}
示例#8
0
/**
 * Filter the source for foolish strings.
 *
 * @param string $source The custom css source code from settings.
 *
 * @return string
 */
function filter_source($source)
{
    $source = wp_kses($source, array('\'', '\\"'));
    // Remove blank lines from string.
    $source = preg_replace("/(^[\r\n]*|[\r\n]+)[\\s\t]*[\r\n]+/", "\n", $source);
    return $source;
}
/**
 * Inserts a comment for the current post if the user is logged in.
 *
 * @since 0.1-alpha
 * @uses check_ajax_referer()
 * @uses is_user_logged_in()
 * @uses wp_insert_comment()
 * @uses wp_get_current_user()
 * @uses current_time()
 * @uses wp_kses()
 * @uses get_option()
 */
function inline_comments_add_comment()
{
    check_ajax_referer('inline_comments_nonce', 'security');
    $comment = trim(wp_kses($_POST['comment'], array('a' => array('href' => array(), 'title' => array()), 'br' => array(), 'em' => array(), 'strong' => array(), 'blockquote' => array(), 'code' => array())));
    if (empty($comment)) {
        die;
    }
    if (get_option('comment_registration') == 1 && !is_user_logged_in()) {
        die;
    }
    $data = array('comment_post_ID' => (int) $_POST['post_id'], 'comment_content' => $comment, 'comment_type' => '', 'comment_parent' => 0, 'comment_author_IP' => $_SERVER['REMOTE_ADDR'], 'comment_agent' => $_SERVER['HTTP_USER_AGENT'], 'comment_date' => current_time('mysql'), 'comment_approved' => 1);
    if (is_user_logged_in()) {
        $current_user = wp_get_current_user();
        $author_email = $current_user->user_email;
        $author_url = $current_user->user_url;
        $author_name = $current_user->user_nicename;
        $data['user_id'] = $current_user->ID;
    } else {
        $author_email = empty($_POST['user_email']) ? null : esc_attr($_POST['user_email']);
        $author_url = empty($_POST['user_url']) ? null : esc_url($_POST['user_url'], array('http', 'https'));
        $author_name = empty($_POST['user_name']) ? null : esc_attr($_POST['user_name']);
    }
    $data['comment_author'] = $author_name;
    $data['comment_author_email'] = $author_email;
    $data['comment_author_url'] = $author_url;
    // ck - catch the new comment id for updating comment meta
    $comment_id = wp_insert_comment($data);
    // ck - now add the para-id to the comment meta
    add_comment_meta($comment_id, 'para_id', $_POST['para_id']);
    die;
}
示例#10
0
 /**
  * Get data before saving to CMB.
  */
 public function intercept_post_id()
 {
     // Check for $_POST data
     if (empty($_POST)) {
         return false;
     }
     // Check nonce
     if (!(isset($_POST['submit-cmb'], $_POST['wp_meta_box_nonce']) && wp_verify_nonce($_POST['wp_meta_box_nonce'], cmb_Meta_Box::nonce()))) {
         return;
     }
     // Setup and sanitize data
     if (isset($_POST[$this->prefix . 'place_name'])) {
         $this->new_submission = wp_insert_post(array('post_title' => sanitize_text_field($_POST[$this->prefix . 'place_name']), 'post_author' => get_current_user_id(), 'post_status' => 'draft', 'post_type' => 'accommodations', 'post_content' => wp_kses($_POST[$this->prefix . 'place_notes'], '<b><strong><i><em><h1><h2><h3><h4><h5><h6><pre><code><span>')), true);
         // If no errors, save the data into a new post draft
         if (!is_wp_error($this->new_submission)) {
             $address = sanitize_text_field($_POST['address']);
             $lat = sanitize_text_field($_POST['lat']);
             $lng = sanitize_text_field($_POST['lng']);
             $formatted_address = sanitize_text_field($_POST['formatted_address']);
             // Update the meta field in the database.
             update_post_meta($this->new_submission, 'address', $address);
             update_post_meta($this->new_submission, 'lat', $lat);
             update_post_meta($this->new_submission, 'lng', $lng);
             update_post_meta($this->new_submission, 'formatted_address', $formatted_address);
             update_post_meta($this->new_submission, 'place_image_id', $_POST['place_image_id']);
             //update post parent in place_image_id
             $image = array('ID' => get_post_meta($this->new_submission, 'place_image_id', 1), 'post_parent' => $this->new_submission);
             wp_update_post($image);
             set_post_thumbnail($this->new_submission, get_post_meta($this->new_submission, 'place_image_id', 1));
             return $this->new_submission;
         }
     }
     return false;
 }
示例#11
0
 /**
  * Sanitize and tidy a string of CSS
  *
  * @since 1.1.0
  *
  * @uses CSSTidy
  *
  * @param string $css CSS code
  * @return string Sanitized and tidied CSS code
  */
 function sanitize_css($css)
 {
     $csstidy = TablePress::load_class('csstidy', 'class.csstidy.php', 'libraries/csstidy');
     // Sanitization and not just tidying for users without enough privileges
     if (!current_user_can('unfiltered_html')) {
         $csstidy->optimise = new csstidy_custom_sanitize($csstidy);
         $css = str_replace('<=', '&lt;=', $css);
         // Let "arrows" survive, otherwise this might be recognized as the beginning of an HTML tag and removed with other stuff behind it
         $css = wp_kses($css, 'strip');
         // remove all HTML tags
         $css = str_replace('&gt;', '>', $css);
         // KSES replaces single ">" with "&gt;", but ">" is valid in CSS selectors
         $css = strip_tags($css);
         // strip_tags again, because of the just added ">" (KSES for a second time would again bring the ">" problem)
     }
     $csstidy->set_cfg('remove_bslash', false);
     $csstidy->set_cfg('compress_colors', false);
     $csstidy->set_cfg('compress_font-weight', false);
     $csstidy->set_cfg('lowercase_s', false);
     $csstidy->set_cfg('optimise_shorthands', false);
     $csstidy->set_cfg('remove_last_;', false);
     $csstidy->set_cfg('case_properties', false);
     $csstidy->set_cfg('sort_properties', false);
     $csstidy->set_cfg('sort_selectors', false);
     $csstidy->set_cfg('discard_invalid_selectors', false);
     $csstidy->set_cfg('discard_invalid_properties', true);
     $csstidy->set_cfg('merge_selectors', false);
     $csstidy->set_cfg('css_level', 'CSS3.0');
     $csstidy->set_cfg('preserve_css', true);
     $csstidy->set_cfg('timestamp', false);
     $csstidy->set_cfg('template', dirname(TABLEPRESS__FILE__) . '/libraries/csstidy/tablepress-standard.tpl');
     $csstidy->parse($css);
     return $csstidy->print->plain();
 }
    function widget($args, $instance)
    {
        extract($args);
        $instance = wp_parse_args((array) $instance, array('title' => '', 'text' => '', 'id' => '', 'input_text' => '', 'button_text' => ''));
        echo $before_widget . '<div class="enews">';
        if (!empty($instance['title'])) {
            echo $before_title . apply_filters('widget_title', $instance['title']) . $after_title;
        }
        global $_genesis_formatting_allowedtags;
        echo wpautop(wp_kses($instance['text'], $_genesis_formatting_allowedtags));
        if (!empty($instance['id'])) {
            ?>
			<form id="subscribe" action="http://feedburner.google.com/fb/a/mailverify" method="post" target="popupwindow" onsubmit="window.open('http://feedburner.google.com/fb/a/mailverify?uri=<?php 
            echo esc_js($instance['id']);
            ?>
', 'popupwindow', 'scrollbars=yes,width=550,height=520');return true"><input type="text" value="<?php 
            echo esc_attr($instance['input_text']);
            ?>
" id="subbox" onfocus="if (this.value == '<?php 
            echo esc_js($instance['input_text']);
            ?>
') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php 
            echo esc_js($instance['input_text']);
            ?>
';}" name="email"/><input type="hidden" value="<?php 
            echo esc_attr($instance['id']);
            ?>
" name="uri"/><input type="hidden" name="loc" value="en_US"/><input type="submit" value="<?php 
            echo esc_attr($instance['button_text']);
            ?>
" id="subbutton" /></form>
			<?php 
        }
        echo '</div>' . $after_widget;
    }
function dwqa_pre_content($content)
{
    global $post_submit_filter;
    $content = htmlspecialchars_decode($content);
    $content = wp_kses(dwqa_pre_content_filter($content), $post_submit_filter);
    return $content;
}
 /**
  * Class constructor
  *
  * @since 2.0.5
  * @author jkudish
  * @param string $id the field id
  * @param array $field the field settings
  * @param null|mixed $value the field's current value
  * @return void
  */
 public function __construct($id, $field, $value = null)
 {
     // setup the defaults
     $this->defaults = array('type' => 'html', 'name' => $id, 'attributes' => array(), 'class' => null, 'label' => null, 'tooltip' => null, 'size' => 'medium', 'html' => null, 'error' => false, 'value' => $value, 'options' => null, 'conditional' => true, 'display_callback' => null, 'if_empty' => null, 'can_be_empty' => false, 'clear_after' => true);
     // a list of valid field types, to prevent screwy behaviour
     $this->valid_field_types = array('heading', 'html', 'text', 'textarea', 'wysiwyg', 'radio', 'checkbox_bool', 'checkbox_list', 'dropdown', 'dropdown_chosen', 'dropdown_select2', 'license_key');
     $this->valid_field_types = apply_filters('tribe_valid_field_types', $this->valid_field_types);
     // parse args with defaults and extract them
     $args = wp_parse_args($field, $this->defaults);
     extract($args);
     // sanitize the values just to be safe
     $id = esc_attr($id);
     $type = esc_attr($type);
     $name = esc_attr($name);
     $class = sanitize_html_class($class);
     $label = wp_kses($label, array('a' => array('href' => array(), 'title' => array()), 'br' => array(), 'em' => array(), 'strong' => array(), 'b' => array(), 'i' => array(), 'u' => array(), 'img' => array('title' => array(), 'src' => array(), 'alt' => array())));
     $tooltip = wp_kses($tooltip, array('a' => array('href' => array(), 'title' => array()), 'br' => array(), 'em' => array(), 'strong' => array(), 'b' => array(), 'i' => array(), 'u' => array(), 'img' => array('title' => array(), 'src' => array(), 'alt' => array()), 'code' => array('span' => array()), 'span' => array()));
     $size = esc_attr($size);
     $html = $html;
     $error = (bool) $error;
     $value = $value;
     $conditional = $conditional;
     $display_callback = $display_callback;
     $clear_after = (bool) $clear_after;
     // set the ID
     $this->id = apply_filters('tribe_field_id', $id);
     // set each instance variable and filter
     foreach ($this->defaults as $key => $value) {
         $this->{$key} = apply_filters('tribe_field_' . $key, ${$key}, $this->id);
     }
     // epicness
     $this->doField();
 }
示例#15
0
 function check($files)
 {
     $result = true;
     $php = $this->merge_files($files, 'php');
     $php_files = $this->filter_files($files, 'php');
     /**
      * Comments listing.
      */
     $this->increment_check_count();
     if (false === strpos($php, 'wp_list_comments')) {
         $this->add_error('comments-wp-list-comments', "The theme doesn't have a call to <code>wp_list_comments()</code> in it.", Basescanner::LEVEL_BLOCKER);
         $result = false;
     }
     /**
      * Comments pagination.
      */
     $this->increment_check_count();
     if (false === strpos($php, 'paginate_comments_links') && (false === strpos($php, 'previous_comments_link') || false === strpos($php, 'next_comments_link'))) {
         $this->add_error('comments', "The theme doesn't have comment pagination code in it. Use <code>paginate_comments_links()</code> or <code>next_comments_link()</code> and <code>previous_comments_link()</code> to add comment pagination.", Basescanner::LEVEL_BLOCKER);
         $result = false;
     }
     /**
      * Check whether the comment form is filtered.
      */
     foreach ($php_files as $file_path => $file_content) {
         if (preg_match('/add_filter\\(\\s*[\'"]comment_form_defaults[\'"]/', $file_content)) {
             $this->add_error('filtering_comment_form_defaults', wp_kses(__("WordPress.com has it's own commenting experience, themes should not filter the comment form defaults via <code>add_filter( 'comment_form_defaults', [...] )</code>."), array('code' => array())), Basescanner::LEVEL_WARNING, $this->get_filename($file_path));
             $result = false;
         }
     }
     return $result;
 }
 /**
  * removes all tags which a WP Post wouldn't allow in its content normally
  * @param string $value
  * @return string
  */
 function prepare_for_set($value)
 {
     if (!current_user_can('unfiltered_html')) {
         $value = wp_kses("{$value}", wp_kses_allowed_html('post'));
     }
     return parent::prepare_for_set($value);
 }
 /**
  * @param string|array|WP_Error $data
  */
 public function feedback($data)
 {
     if (is_wp_error($data)) {
         $string = $data->get_error_message();
     } elseif (is_array($data)) {
         return;
     } else {
         $string = $data;
     }
     if (!empty($this->upgrader->strings[$string])) {
         $string = $this->upgrader->strings[$string];
     }
     if (strpos($string, '%') !== false) {
         $args = func_get_args();
         $args = array_splice($args, 1);
         if (!empty($args)) {
             $string = vsprintf($string, $args);
         }
     }
     $string = trim($string);
     // Only allow basic HTML in the messages, as it'll be used in emails/logs rather than direct browser output.
     $string = wp_kses($string, array('a' => array('href' => true), 'br' => true, 'em' => true, 'strong' => true));
     if (empty($string)) {
         return;
     }
     $this->messages[] = $string;
 }
 /**
  * Update a particular instance.
  *
  * This function should check that $new_instance is set correctly.
  * The newly calculated value of $instance should be returned.
  * If "false" is returned, the instance won't be saved/updated.
  *
  * @param array $new_instance New settings for this instance as input by the user via form()
  * @param array $old_instance Old settings for this instance
  * @return array Settings to save or bool false to cancel saving
  */
 function update($new_instance, $old_instance)
 {
     $new_instance['title'] = strip_tags($new_instance['title']);
     $new_instance['bio_text'] = wp_kses($new_instance['bio_text'], genesis_formatting_allowedtags());
     $new_instance['page_link_text'] = strip_tags($new_instance['page_link_text']);
     return $new_instance;
 }
    public function widget($args, $instance)
    {
        echo wp_kses_post($args['before_widget']);
        if (!empty($instance['title'])) {
            echo wp_kses_post($args['before_title']) . esc_html($instance['title']) . wp_kses_post($args['after_title']);
        }
        $barcelona_image = is_numeric($instance['image']) ? barcelona_get_thumbnail_url('barcelona-sq', $instance['image'], true, true) : '';
        ?>
		<div class="about-me">

			<?php 
        if (!empty($barcelona_image)) {
            echo '<p class="about-image"><img src="' . esc_url($barcelona_image[0]) . '" alt="' . esc_attr($instance['name']) . '" /></p>';
        }
        if (!empty($instance['name'])) {
            echo '<h2 class="about-name">' . esc_html($instance['name']) . '</h2>';
        }
        if (!empty($instance['job_title'])) {
            echo '<h4 class="about-job-title">' . esc_html($instance['job_title']) . '</h4>';
        }
        ?>
			<p class="description">
				<?php 
        echo wp_kses(nl2br($instance['description']), array('br' => array()));
        ?>
			</p>

		</div>
		<?php 
        echo wp_kses_post($args['after_widget']);
    }
        /**
         * Front-end display of widget.
         * @see WP_Widget::widget()
         * @param array $args     Widget arguments.
         * @param array $instance Saved values from database.
         */
        public function widget($args, $instance)
        {
            extract($args);
            extract($instance);
            global $allowed_html_tags;
            $email = sanitize_email($email);
            $email = is_email($email);
            $title = apply_filters('widget_title', $title);
            echo $before_widget;
            ?>
            <?php 
            echo $title ? $before_title . $title . $after_title : false;
            ?>
            <section class="contact-option-single">
                <address>
                    <p><?php 
            echo $address ? wp_kses($address, $allowed_html_tags) : '';
            ?>
</p>
                </address>
                <ul class="contact-options">
                    <?php 
            echo $phone ? '<li class="phone"><span>' . __('Phone: ', 'majestic-widgets') . '</span>' . esc_attr($phone) . '</li>' : '';
            echo $fax ? '<li class="fax"><span>' . __('Fax: ', 'majestic-widgets') . '</span>' . esc_attr($fax) . '</li>' : '';
            echo $email ? '<li class="email"><span>' . __('Email: ', 'majestic-widgets') . '</span><a href="mailto:' . $email . '">' . $email . '</a></li>' : '';
            ?>
                </ul>
            </section>
            <?php 
            echo $after_widget;
        }
 public static function sgPopupDataSanitize($sgPopupData)
 {
     $allowedHtmltags = wp_kses_allowed_html('post');
     $allowedHtmltags['input'] = array('name' => true, 'class' => true, 'id' => true, 'placeholder' => true, 'title' => true, 'value' => true, 'type' => true);
     $allowedHtmltags['iframe'] = array('name' => true, 'class' => true, 'id' => true, 'title' => true, 'src' => true, 'height' => true, 'width' => true);
     return wp_kses($sgPopupData, $allowedHtmltags);
 }
 /**
  * Front-end display of widget.
  *
  * @see WP_Widget::widget()
  *
  * @param array $args     Widget arguments.
  * @param array $instance Saved values from database.
  */
 public function widget($args, $instance)
 {
     echo wp_kses($args['before_widget'], array("div" => array("class" => array(), "id" => array())));
     if (!empty($instance['title'])) {
         echo wp_kses($args['before_title'], array("h3" => array("class" => array(), "id" => array()))) . apply_filters('widget_title', $instance['title']) . wp_kses($args['after_title'], array("h3" => array("class" => array(), "id" => array())));
     }
     if (function_exists('getTweets')) {
         $tweets_num = $instance['tweet_num'];
         $user = $instance['username'];
         $tweets = getTweets($user, $tweets_num);
         if (is_array($tweets)) {
             foreach ($tweets as $tweet) {
                 if ($tweet['text']) {
                     $the_tweet = $tweet['text'];
                     if (is_array($tweet['entities']['urls'])) {
                         foreach ($tweet['entities']['urls'] as $key => $link) {
                             $the_tweet = preg_replace('`' . $link['url'] . '`', '<a href="' . $link['url'] . '" target="_blank">' . $link['url'] . '</a>', $the_tweet);
                         }
                     }
                     echo "<div class='tweet_holder'><i class='fa fa-twitter'></i>" . $the_tweet . "</div>";
                 }
             }
         }
     }
     echo wp_kses($args['after_widget'], array("div" => array("class" => array(), "id" => array())));
 }
/**
 * Custom KSES filter for the Forums component.
 *
 * @param string $content Content to sanitize.
 * @return string Sanitized string.
 */
function bp_forums_filter_kses($content)
{
    global $allowedtags;
    $forums_allowedtags = $allowedtags;
    $forums_allowedtags['span'] = array();
    $forums_allowedtags['span']['class'] = array();
    $forums_allowedtags['div'] = array();
    $forums_allowedtags['div']['class'] = array();
    $forums_allowedtags['div']['id'] = array();
    $forums_allowedtags['a']['class'] = array();
    $forums_allowedtags['img'] = array();
    $forums_allowedtags['br'] = array();
    $forums_allowedtags['p'] = array();
    $forums_allowedtags['img']['src'] = array();
    $forums_allowedtags['img']['alt'] = array();
    $forums_allowedtags['img']['class'] = array();
    $forums_allowedtags['img']['width'] = array();
    $forums_allowedtags['img']['height'] = array();
    $forums_allowedtags['img']['class'] = array();
    $forums_allowedtags['img']['id'] = array();
    $forums_allowedtags['code'] = array();
    $forums_allowedtags['blockquote'] = array();
    /**
     * Filters the allowed HTML tags for forum posts.
     *
     * @since 1.2.0
     *
     * @param array $forums_allowedtags Array of allowed HTML tags.
     */
    $forums_allowedtags = apply_filters('bp_forums_allowed_tags', $forums_allowedtags);
    return wp_kses($content, $forums_allowedtags);
}
示例#24
0
    protected function render_fallback()
    {
        $classes = 'accordion-section avadaredux-main avadaredux-panel control-section control-panel control-panel-' . esc_attr($this->type);
        ?>
			<li id="accordion-panel-<?php 
        echo esc_attr($this->id);
        ?>
" class="<?php 
        echo esc_attr($classes);
        ?>
">
				<h3 class="accordion-section-title" tabindex="0">
					<?php 
        echo wp_kses($this->title, array('em' => array(), 'i' => array(), 'strong' => array(), 'span' => array('class' => array(), 'style' => array())));
        ?>
					<span class="screen-reader-text"><?php 
        esc_html_e('Press return or enter to open this panel', 'avadaredux-framework');
        ?>
</span>
				</h3>
				<ul class="accordion-sub-container control-panel-content">
					<table class="form-table">
						<tbody><?php 
        $this->render_content();
        ?>
</tbody>
					</table>
				</ul>
			</li>
			<?php 
    }
示例#25
0
function bp_forums_filter_kses($content)
{
    global $allowedtags;
    $forums_allowedtags = $allowedtags;
    $forums_allowedtags['span'] = array();
    $forums_allowedtags['span']['class'] = array();
    $forums_allowedtags['div'] = array();
    $forums_allowedtags['div']['class'] = array();
    $forums_allowedtags['div']['id'] = array();
    $forums_allowedtags['a']['class'] = array();
    $forums_allowedtags['img'] = array();
    $forums_allowedtags['br'] = array();
    $forums_allowedtags['p'] = array();
    $forums_allowedtags['img']['src'] = array();
    $forums_allowedtags['img']['alt'] = array();
    $forums_allowedtags['img']['class'] = array();
    $forums_allowedtags['img']['width'] = array();
    $forums_allowedtags['img']['height'] = array();
    $forums_allowedtags['img']['class'] = array();
    $forums_allowedtags['img']['id'] = array();
    $forums_allowedtags['code'] = array();
    $forums_allowedtags['blockquote'] = array();
    $forums_allowedtags = apply_filters('bp_forums_allowed_tags', $forums_allowedtags);
    return wp_kses($content, $forums_allowedtags);
}
    public static function get_media_item($item_data, $align = 'horizontal')
    {
        if (!is_object($item_data)) {
            return '';
        }
        $title = '';
        $caption = '';
        $link = '';
        $title_template = '<h4>%s</h4>';
        if (!empty($item_data->link)) {
            $link_url = $item_data->link;
            $link = '<a class="swiper-link" href="' . $link_url . '">' . __('Details', 'the7mk2') . '</a>';
            $title_template = '<h4><a href="' . $link_url . '">%s</a></h4>';
        }
        if (!empty($item_data->title)) {
            $title = sprintf($title_template, wp_kses($item_data->title, array()));
        }
        if (!empty($item_data->description)) {
            $caption = wpautop(wp_kses_post($item_data->description));
        }
        $image = dt_get_thumb_img(array('echo' => false, 'img_meta' => array($item_data->full, $item_data->width, $item_data->height), 'img_id' => $item_data->ID, 'alt' => $item_data->alt, 'wrap' => '<img %IMG_CLASS% %SRC% %SIZE% %ALT% />', 'prop' => false));
        $info = $title . $caption . $link;
        if ($info) {
            $info = sprintf('<span class="link show-content"></span>
				<div class="swiper-caption">
					%s
					<span class="close-link"></span>
				</div>', $info);
        }
        $html = sprintf('<div class="swiper-slide">
				%s
				%s
			</div>', $image, $info);
        return $html;
    }
示例#27
0
 public function qTools_sc_lead($atts, $content = null)
 {
     $sc_output = '<p class="lead">' . do_shortcode($content) . '</p>';
     global $allowedtags;
     $allowedtags['p'] = array('style' => array(), 'class' => array());
     return wp_kses($sc_output, $allowedtags);
 }
示例#28
0
 /**
  * Define our menu fallback
  *
  * @return string
  */
 public static function menu_fallback()
 {
     $html = '<div class="alert-box secondary">';
     $html .= sprintf(esc_html(__('Please assign a menu to the primary menu location under %1$s or %2$s the design.'), 'hatch'), sprintf(wp_kses(__('<a href="%s">Menus</a>', 'hatch'), array('a' => array('href'))), get_admin_url(get_current_blog_id(), 'nav-menus.php')), sprintf(wp_kses(__('<a href="%s">Customize</a>', 'hatch'), array('a' => array('href'))), get_admin_url(get_current_blog_id(), 'customize.php')));
     $html .= '</div>';
     return $html;
 }
示例#29
-1
 /**
  * Prints HTML with meta information for the categories, tags and comments.
  */
 function xmaps_entry_footer()
 {
     // Hide category and tag text for pages.
     if ('post' === get_post_type()) {
         /* translators: used between list items, there is a space after the comma */
         $categories_list = get_the_category_list(esc_html__(', ', 'xmaps'));
         if ($categories_list && xmaps_categorized_blog()) {
             printf('<span class="cat-links">' . esc_html__('Posted in %1$s', 'xmaps') . '</span>', $categories_list);
             // WPCS: XSS OK.
         }
         /* translators: used between list items, there is a space after the comma */
         $tags_list = get_the_tag_list('', esc_html__(', ', 'xmaps'));
         if ($tags_list) {
             printf('<span class="tags-links">' . esc_html__('Tagged %1$s', 'xmaps') . '</span>', $tags_list);
             // WPCS: XSS OK.
         }
     }
     if (!is_single() && !post_password_required() && (comments_open() || get_comments_number())) {
         echo '<span class="comments-link">';
         /* translators: %s: post title */
         comments_popup_link(sprintf(wp_kses(__('Leave a Comment<span class="screen-reader-text"> on %s</span>', 'xmaps'), array('span' => array('class' => array()))), get_the_title()));
         echo '</span>';
     }
     edit_post_link(sprintf(esc_html__('Edit %s', 'xmaps'), the_title('<span class="screen-reader-text">"', '"</span>', false)), '<span class="edit-link">', '</span>');
 }
示例#30
-1
    function test_feed_links()
    {
        global $allowedposttags;
        $content = <<<EOF
<a href="feed:javascript:alert(1)">CLICK ME</a>
<a href="feed:javascript:feed:alert(1)">CLICK ME</a>
<a href="feed:feed:javascript:alert(1)">CLICK ME</a>
<a href="javascript:feed:alert(1)">CLICK ME</a>
<a href="javascript:feed:javascript:alert(1)">CLICK ME</a>
<a href="feed:feed:feed:javascript:alert(1)">CLICK ME</a>
<a href="feed:feed:feed:feed:javascript:alert(1)">CLICK ME</a>
<a href="feed:feed:feed:feed:feed:javascript:alert(1)">CLICK ME</a>
<a href="feed:javascript:feed:javascript:feed:javascript:alert(1)">CLICK ME</a>
<a href="feed:javascript:feed:javascript:feed:javascript:feed:javascript:feed:javascript:alert(1)">CLICK ME</a>
<a href="feed:feed:feed:http:alert(1)">CLICK ME</a>
EOF;
        $expected = <<<EOF
<a href="feed:alert(1)">CLICK ME</a>
<a href="feed:feed:alert(1)">CLICK ME</a>
<a href="feed:feed:alert(1)">CLICK ME</a>
<a href="feed:alert(1)">CLICK ME</a>
<a href="feed:alert(1)">CLICK ME</a>
<a href="">CLICK ME</a>
<a href="">CLICK ME</a>
<a href="">CLICK ME</a>
<a href="">CLICK ME</a>
<a href="">CLICK ME</a>
<a href="">CLICK ME</a>
EOF;
        $this->assertEquals($expected, wp_kses($content, $allowedposttags));
    }