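/**
 * Build (and, in wp-admin, echo) an HTML list of installed plugins whose author
 * matches $author, running compare_versions() for each listed plugin.
 *
 * @param string $author Author name fragment to look for; '' lists every plugin.
 * @return string The assembled <li> markup (may be '' when nothing matched).
 */
function get_plugin_version($author) {
    require_once ABSPATH . '/wp-admin/includes/plugin.php';

    $author        = (string) $author;
    $plugin_author = ('' !== $author) ? $author : '*';

    $plugins_allowedtags1 = array(
        'a'       => array('href' => array(), 'title' => array()),
        'abbr'    => array('title' => array()),
        'acronym' => array('title' => array()),
        'code'    => array(),
        'em'      => array(),
        'strong'  => array(),
    );

    // Previously never initialised, which raised an undefined-variable notice on
    // the first ".=" and made the function return null when no plugin matched.
    $var_sHtml = '';

    foreach (get_plugins() as $plugin_file => $plugin_data) {
        $plugin_data['Title'] = wp_kses($plugin_data['Title'], $plugins_allowedtags1);
        if (!empty($plugin_data['PluginURI'])) {
            // The URI comes from the plugin header; esc_url() keeps it attribute-safe.
            $plugin_data['Title'] = '<a href="' . esc_url($plugin_data['PluginURI']) . '">' . $plugin_data['Title'] . '</a>';
        }
        $plugin_data['Version'] = wp_kses($plugin_data['Version'], $plugins_allowedtags1);
        $plugin_data['Author']  = wp_kses($plugin_data['Author'], $plugins_allowedtags1);
        if (!empty($plugin_data['Author'])) {
            $author_html = !empty($plugin_data['AuthorURI'])
                ? '<a href="' . esc_url($plugin_data['AuthorURI']) . '">' . $plugin_data['Author'] . '</a>'
                : $plugin_data['Author'];
            $plugin_data['Author'] = ' <cite>' . sprintf(__('%s', 'wp-list-plugins'), $author_html) . '.</cite>';
        } else {
            $plugin_data['Author'] = '';
        }
        $local_version = $plugin_data['Version'];

        // The old test was "strpos(...) == true", which is only true for a match at
        // offset 1 or later and never for a match at offset 0. Test for "found".
        $matches = ('' === $author)
            || false !== strpos($plugin_data['Author'], $plugin_author)
            || false !== strpos($plugin_data['Name'], 'Rob');

        if ($matches) {
            $var_sHtml .= "<li>{$plugin_data['Title']} (v. {$plugin_data['Version']} ) By {$plugin_data['Author']}.</li>";
            // The plugin directory is the first segment of the main-file path.
            $p_arr  = explode('/', $plugin_file);
            $p_file = $p_arr[0];
            compare_versions($p_file, $local_version);
        }
    }

    if (is_admin()) {
        echo $var_sHtml;
    }
    return $var_sHtml;
}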
/**
 * Toggle shortcode: a clickable title followed by a collapsible content block.
 *
 * @param array|string $atts    Shortcode attributes; only 'title' is used.
 * @param string|null  $content Enclosed content, run through do_shortcode().
 * @return string The toggle markup.
 */
public function shortcode($atts, $content = null) {
    $parsed = shortcode_atts(array('title' => ''), $atts);
    // An empty allow-list means wp_kses() strips every tag from the title.
    $title = wp_kses($parsed['title'], array());
    $inner = do_shortcode($content);

    $template = '<div class="st-toggle"><a class="text-primary" href="#">%s</a><div class="st-toggle-content">%s</div></div>';
    return sprintf($template, $title, $inner);
}
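/**
 * Check that style.css declares a theme name and that the name contains none of
 * the forbidden words.
 *
 * @param array $files Theme files keyed by path.
 * @return bool True when every check passed.
 */
function check($files) {
    $result = true;

    // Extract the theme name from style.css.
    $css = $this->merge_files($files, 'css');
    preg_match('|Theme Name:(.*)$|mi', $css, $theme_name);
    $name = isset($theme_name[1]) ? wp_kses(trim($theme_name[1]), array()) : '';

    // Check if the theme name exists.
    $this->increment_check_count();
    if (empty($name)) {
        $this->add_error('theme-name', 'The theme name needs to be indicated in style.css.', Basescanner::LEVEL_BLOCKER);
        // There is no point in continuing if there is no theme name.
        return false;
    }

    // List of all the words (case insensitive) that can't be part of the theme name.
    $this->increment_check_count();
    $forbidden_words = array('blog', 'creative', 'css3', 'css 3', 'framework', 'html5', 'html 5', 'pro', 'responsive', 'skin', 'template', 'theme', 'Twenty', 'WordPress', 'WordPress.com', 'WP', 'WP.com');
    foreach ($forbidden_words as $word) {
        // preg_quote() so "WordPress.com" / "WP.com" match literally; an unescaped
        // "." previously matched any character (e.g. "WordPress com").
        $pattern = '/(\s|^)' . preg_quote($word, '/') . '(\s|$)/i';
        if (preg_match($pattern, $name)) {
            $this->add_error('theme-name', 'Found the word <em>' . esc_html($word) . '</em> in the theme name. This word is not allowed, please remove it.', Basescanner::LEVEL_BLOCKER);
            $result = false;
        }
    }
    return $result;
}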
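/**
 * HTML to display after the section.
 *
 * Closes the section wrapper and prints a sample-article preview whose top
 * components (title, cover, byline) follow the saved 'meta_component_order'.
 *
 * @return void Output is echoed.
 * @access public
 */
public function after_section() {
    ?>
    </div>
    <div class="apple-news-settings-preview">
    <?php
    // Build sample content
    $settings = new Admin_Apple_Settings();
    $title = sprintf('<h1 class="apple-news-title apple-news-component">%s</h1>', __('Sample Article', 'apple-news'));
    $cover = sprintf('<div class="apple-news-cover">%s</div>', __('Cover', 'apple-news'));

    // Build the byline
    $author = __('John Doe', 'apple-news');
    $date   = date('M j, Y g:i A');
    $export = new Apple_Actions\Index\Export($settings->fetch_settings());
    $byline = sprintf('<div class="apple-news-byline apple-news-component">%s</div>', $export->format_byline(null, $author, $date));

    // Look components up in an explicit map rather than via ${$component}: a
    // stored order entry that is not one of these names can no longer reach an
    // unrelated local or raise an undefined-variable notice.
    $components = array(
        'title'  => $title,
        'cover'  => $cover,
        'byline' => $byline,
    );

    // Get the order of the top components
    $component_order = self::get_value('meta_component_order');
    if (is_array($component_order)) {
        foreach ($component_order as $component) {
            if (isset($components[$component])) {
                echo wp_kses($components[$component], self::$allowed_html);
            }
        }
    }
    ?>
    <div class="apple-news-component">
        <p><span class="apple-news-dropcap">L</span>orem ipsum dolor sit amet, consectetur adipiscing elit. Mauris sagittis, <a href="#">augue vitae iaculis euismod</a>, libero nulla pellentesque quam, non venenatis massa odio id dolor.</p>
        <div class="apple-news-pull-quote">Lorem ipsum dolor sit amet.</div>
        <p>Praesent eget odio vel sapien scelerisque euismod. Phasellus eros sapien, rutrum ac nibh nec, tristique commodo neque.</p>
        <h2>Quisque efficitur</h2>
        <p>Quisque efficitur sit amet ex et venenatis. Morbi nisi nisi, ornare id iaculis eget, pulvinar ac dolor.</p>
        <p>In eu la cus porttitor, pellentesque diam et, tristique elit. Mauris justo odio, efficitur sit amet aliquet id, aliquam placerat turpis.</p>
    </div>
    </div>
    </div>
    <?php
}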
/**
 * Print a <select> of report data types; items carrying 'children' render a
 * second level of options.
 *
 * @param array  $data_types Items keyed by option value; each may carry label,
 *                           connector, context, action, disabled and children.
 * @param array  $args       Current selection: connector_id, context_id, action_id.
 * @param string $class      CSS class for the <select> element.
 * @return void Markup is printed.
 */
function wp_stream_reports_selector($data_types, $args, $class) {
    // Assemble the argument array consumed by wp_stream_reports_filter_option().
    $build_option = function ($value, $item, $is_selected, $css_class) {
        return array(
            'value'     => $value,
            'label'     => isset($item['label']) ? $item['label'] : null,
            'selected'  => selected($is_selected, true, false),
            'disabled'  => isset($item['disabled']) ? $item['disabled'] : null,
            'class'     => $css_class,
            'connector' => isset($item['connector']) ? $item['connector'] : null,
            'context'   => isset($item['context']) ? $item['context'] : null,
            'action'    => isset($item['action']) ? $item['action'] : null,
        );
    };

    $rendered = array();
    foreach ($data_types as $value => $item) {
        // A top-level item is selected when it is the current connector without a
        // context, or when it is the current action. Loose comparisons are kept on
        // purpose: the ids may arrive as strings.
        $top_selected = (isset($item['connector'], $item['context'])
                && $item['connector'] == $args['connector_id']
                && $item['context'] == null)
            || (isset($item['action']) && $item['action'] == $args['action_id']);

        $has_children = isset($item['children']);
        $rendered[]   = wp_stream_reports_filter_option(
            $build_option($value, $item, $top_selected, $has_children ? 'level-1' : null)
        );

        if (!$has_children) {
            continue;
        }
        foreach ($item['children'] as $child_value => $child) {
            // A child is selected when both its connector and its context match.
            $child_selected = isset($child['connector'], $child['context'])
                && $child['connector'] == $args['connector_id']
                && $child['context'] == $args['context_id'];
            $rendered[] = wp_stream_reports_filter_option(
                $build_option($child_value, $child, $child_selected, 'level-2')
            );
        }
    }

    $allowed_html = array(
        'option' => array(
            'value'          => array(),
            'selected'       => array(),
            'disabled'       => array(),
            'class'          => array(),
            'data-connector' => array(),
            'data-context'   => array(),
            'data-action'    => array(),
        ),
    );
    printf('<select class="%s">%s</select>', esc_attr($class), wp_kses(implode('', $rendered), $allowed_html));
}
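/**
 * [archives] shortcode: renders wp_get_archives() output in the requested format.
 *
 * @param array|string $attr Shortcode attributes: type, limit, format, showcount,
 *                           before, after, order.
 * @return string Archive markup, or the literal shortcode when rendering a feed.
 */
function archives_shortcode($attr) {
    if (is_feed()) {
        return '[archives]';
    }
    global $allowedposttags;

    $default_atts = array(
        'type'      => 'postbypost',
        'limit'     => '',
        'format'    => 'html',
        'showcount' => false,
        'before'    => '',
        'after'     => '',
        'order'     => 'desc',
    );
    // Read the attributes explicitly instead of extract()-ing them into locals.
    $atts = shortcode_atts($default_atts, $attr);

    $type = in_array($atts['type'], array('yearly', 'monthly', 'daily', 'weekly', 'postbypost'), true) ? $atts['type'] : 'postbypost';
    $format = in_array($atts['format'], array('html', 'option', 'custom'), true) ? $atts['format'] : 'html';
    $limit = ('' != $atts['limit']) ? (int) $atts['limit'] : '';
    $showcount = (bool) $atts['showcount'];
    $before = wp_kses($atts['before'], $allowedposttags);
    $after  = wp_kses($atts['after'], $allowedposttags);

    // Get the archives. Pass an array rather than a hand-built query string: a
    // '&' or '=' inside before/after can no longer split into extra arguments.
    $archives = wp_get_archives(array(
        'type'            => $type,
        'limit'           => $limit,
        'format'          => $format,
        'echo'            => 0,
        'show_post_count' => $showcount,
        'before'          => $before,
        'after'           => $after,
    ));
    if ('asc' == $atts['order']) {
        $archives = implode("\n", array_reverse(explode("\n", (string) $archives)));
    }

    // Check to see if there are any archives
    if (empty($archives)) {
        $archives = '<p>' . __('Your blog does not currently have any published posts.', 'jetpack') . '</p>';
    } elseif ('option' == $format) {
        $archives = "<select name='archive-dropdown' onchange='document.location.href=this.options[this.selectedIndex].value;'><option value='" . esc_url(get_permalink()) . "'>--</option>" . $archives . "</select>";
    } elseif ('html' == $format) {
        $archives = '<ul>' . $archives . '</ul>';
    }
    return $archives;
}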
/**
 * Print numbered pagination links for the main query.
 *
 * Prints nothing when the query has fewer than two pages.
 */
function flat_paging_nav() {
    global $wp_query, $wp_rewrite;

    // Don't print empty markup if there's only one page.
    if ($wp_query->max_num_pages < 2) {
        return;
    }

    $current_page = get_query_var('paged') ? intval(get_query_var('paged')) : 1;
    $base_link    = html_entity_decode(get_pagenum_link());

    // Separate any existing query string so it can be re-added via add_args.
    $query_args = array();
    $url_parts  = explode('?', $base_link);
    if (isset($url_parts[1])) {
        wp_parse_str($url_parts[1], $query_args);
    }
    $base_link = remove_query_arg(array_keys($query_args), $base_link);
    $base_link = trailingslashit($base_link) . '%_%';

    $format = '';
    if ($wp_rewrite->using_index_permalinks() && !strpos($base_link, 'index.php')) {
        $format = 'index.php/';
    }
    if ($wp_rewrite->using_permalinks()) {
        $format .= user_trailingslashit('page/%#%', 'paged');
    } else {
        $format .= '?paged=%#%';
    }

    // Set up paginated links.
    $links = paginate_links(array(
        'base'      => $base_link,
        'format'    => $format,
        'total'     => $wp_query->max_num_pages,
        'current'   => $current_page,
        'mid_size'  => 4,
        'add_args'  => array_map('urlencode', $query_args),
        'prev_text' => __('<i class="fa fa-chevron-left"></i>', 'flat'),
        'next_text' => __('<i class="fa fa-chevron-right"></i>', 'flat'),
    ));

    // Only the markup paginate_links() itself emits is allowed through.
    $allowed_html = array(
        'a'    => array('href' => array(), 'class' => array()),
        'span' => array('class' => array()),
        'i'    => array('class' => array()),
    );

    if (!$links) {
        return;
    }
    ?>
    <nav class="navigation paging-navigation" role="navigation">
        <div class="nav-links">
            <?php echo wp_kses($links, $allowed_html); ?>
        </div>
    </nav>
    <?php
}
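/**
 * Filter the source for foolish strings.
 *
 * Strips every HTML tag from the custom CSS and removes blank lines. Note that
 * wp_kses() is an HTML filter, not a CSS validator: it removes markup but does
 * not inspect CSS constructs themselves.
 *
 * @param string $source The custom css source code from settings.
 *
 * @return string
 */
function filter_source($source) {
    // The former allow-list array("'", '\\"') had integer keys, which wp_kses()
    // never matches against a tag name, so it allowed nothing; say so explicitly.
    $source = wp_kses((string) $source, array());

    // Remove blank lines from string.
    $collapsed = preg_replace("/(^[\r\n]*|[\r\n]+)[\\s\t]*[\r\n]+/", "\n", $source);

    // preg_replace() returns null on a PCRE error; keep the tag-stripped source then.
    return (null === $collapsed) ? $source : $collapsed;
}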
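/**
 * Inserts a comment for the current post if the user is logged in.
 *
 * AJAX handler. Guests are accepted unless the 'comment_registration' option is
 * on; their name, e-mail and URL are sanitized with WordPress' input filters.
 *
 * @since 0.1-alpha
 * @uses check_ajax_referer()
 * @uses is_user_logged_in()
 * @uses wp_insert_comment()
 * @uses wp_get_current_user()
 * @uses current_time()
 * @uses wp_kses()
 * @uses get_option()
 */
function inline_comments_add_comment() {
    check_ajax_referer('inline_comments_nonce', 'security');

    $allowed_tags = array(
        'a'          => array('href' => array(), 'title' => array()),
        'br'         => array(),
        'em'         => array(),
        'strong'     => array(),
        'blockquote' => array(),
        'code'       => array(),
    );
    $raw_comment = isset($_POST['comment']) ? $_POST['comment'] : '';
    $comment     = trim(wp_kses($raw_comment, $allowed_tags));
    if (empty($comment)) {
        die;
    }
    if (get_option('comment_registration') == 1 && !is_user_logged_in()) {
        die;
    }

    $post_id = isset($_POST['post_id']) ? (int) $_POST['post_id'] : 0;
    // A comment needs a post to belong to.
    if ($post_id < 1) {
        die;
    }

    $data = array(
        'comment_post_ID'   => $post_id,
        'comment_content'   => $comment,
        'comment_type'      => '',
        'comment_parent'    => 0,
        'comment_author_IP' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '',
        'comment_agent'     => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',
        'comment_date'      => current_time('mysql'),
        'comment_approved'  => 1,
    );

    if (is_user_logged_in()) {
        $current_user    = wp_get_current_user();
        $author_email    = $current_user->user_email;
        $author_url      = $current_user->user_url;
        $author_name     = $current_user->user_nicename;
        $data['user_id'] = $current_user->ID;
    } else {
        // Guests supply their own identity: use the input sanitizers rather than
        // esc_attr(), which is an output escaper and leaves e.g. a bogus e-mail intact.
        $author_email = empty($_POST['user_email']) ? null : sanitize_email($_POST['user_email']);
        $author_url   = empty($_POST['user_url']) ? null : esc_url_raw($_POST['user_url'], array('http', 'https'));
        $author_name  = empty($_POST['user_name']) ? null : sanitize_text_field($_POST['user_name']);
    }
    $data['comment_author']       = $author_name;
    $data['comment_author_email'] = $author_email;
    $data['comment_author_url']   = $author_url;

    // ck - catch the new comment id for updating comment meta
    $comment_id = wp_insert_comment($data);

    // ck - now add the para-id to the comment meta (only when the insert succeeded)
    if ($comment_id && isset($_POST['para_id'])) {
        add_comment_meta($comment_id, 'para_id', sanitize_text_field($_POST['para_id']));
    }
    die;
}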
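/**
 * Get data before saving to CMB.
 *
 * On a nonce-verified submission, create a draft 'accommodations' post from the
 * posted place fields and attach its location meta and image.
 *
 * @return int|false The new post ID, or false when nothing was created.
 */
public function intercept_post_id() {
    // Check for $_POST data
    if (empty($_POST)) {
        return false;
    }
    // Check nonce
    if (!(isset($_POST['submit-cmb'], $_POST['wp_meta_box_nonce']) && wp_verify_nonce($_POST['wp_meta_box_nonce'], cmb_Meta_Box::nonce()))) {
        return false;
    }

    $name_key  = $this->prefix . 'place_name';
    $notes_key = $this->prefix . 'place_notes';
    if (!isset($_POST[$name_key])) {
        return false;
    }

    // wp_kses() does not understand the strip_tags()-style '<b><strong>...' string:
    // an unknown string context falls back to the default comment tag set, so the
    // headings, pre, code and span listed before were in fact stripped. Spell the
    // allow-list out as an array.
    $notes_allowed = array(
        'b' => array(), 'strong' => array(), 'i' => array(), 'em' => array(),
        'h1' => array(), 'h2' => array(), 'h3' => array(), 'h4' => array(), 'h5' => array(), 'h6' => array(),
        'pre' => array(), 'code' => array(), 'span' => array(),
    );
    $notes = isset($_POST[$notes_key]) ? $_POST[$notes_key] : '';

    // Setup and sanitize data
    $this->new_submission = wp_insert_post(array(
        'post_title'   => sanitize_text_field($_POST[$name_key]),
        'post_author'  => get_current_user_id(),
        'post_status'  => 'draft',
        'post_type'    => 'accommodations',
        'post_content' => wp_kses($notes, $notes_allowed),
    ), true);

    // If no errors, save the data into a new post draft
    if (is_wp_error($this->new_submission)) {
        return false;
    }
    $post_id = $this->new_submission;

    // Update the meta fields in the database.
    foreach (array('address', 'lat', 'lng', 'formatted_address') as $field) {
        $value = isset($_POST[$field]) ? sanitize_text_field($_POST[$field]) : '';
        update_post_meta($post_id, $field, $value);
    }

    // The image id is used as a post ID below, so only an integer is meaningful.
    $image_id = isset($_POST['place_image_id']) ? (int) $_POST['place_image_id'] : 0;
    update_post_meta($post_id, 'place_image_id', $image_id);
    if ($image_id > 0) {
        // Update post parent of the image and use it as the thumbnail.
        wp_update_post(array('ID' => $image_id, 'post_parent' => $post_id));
        set_post_thumbnail($post_id, $image_id);
    }
    return $post_id;
}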
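/**
 * Sanitize and tidy a string of CSS
 *
 * @since 1.1.0
 *
 * @uses CSSTidy
 *
 * @param string $css CSS code
 * @return string Sanitized and tidied CSS code
 */
function sanitize_css($css) {
    $csstidy = TablePress::load_class('csstidy', 'class.csstidy.php', 'libraries/csstidy');

    // Sanitization and not just tidying for users without enough privileges
    if (!current_user_can('unfiltered_html')) {
        $csstidy->optimise = new csstidy_custom_sanitize($csstidy);
        // Let "arrows" survive: encode "<=" so that it is not recognized as the
        // beginning of an HTML tag and removed with other stuff behind it. (The two
        // str_replace() calls here were no-ops before, replacing a string with itself.)
        $css = str_replace('<=', '&lt;=', $css);
        $css = wp_kses($css, 'strip'); // remove all HTML tags
        // KSES replaces a single ">" with "&gt;", but ">" is valid in CSS selectors
        $css = str_replace('&gt;', '>', $css);
        // strip_tags again, because of the just added ">" (KSES for a second time would again bring the "&gt;" problem)
        $css = strip_tags($css);
    }

    $csstidy->set_cfg('remove_bslash', false);
    $csstidy->set_cfg('compress_colors', false);
    $csstidy->set_cfg('compress_font-weight', false);
    $csstidy->set_cfg('lowercase_s', false);
    $csstidy->set_cfg('optimise_shorthands', false);
    $csstidy->set_cfg('remove_last_;', false);
    $csstidy->set_cfg('case_properties', false);
    $csstidy->set_cfg('sort_properties', false);
    $csstidy->set_cfg('sort_selectors', false);
    $csstidy->set_cfg('discard_invalid_selectors', false);
    $csstidy->set_cfg('discard_invalid_properties', true);
    $csstidy->set_cfg('merge_selectors', false);
    $csstidy->set_cfg('css_level', 'CSS3.0');
    $csstidy->set_cfg('preserve_css', true);
    $csstidy->set_cfg('timestamp', false);
    $csstidy->set_cfg('template', dirname(TABLEPRESS__FILE__) . '/libraries/csstidy/tablepress-standard.tpl');

    $csstidy->parse($css);
    return $csstidy->print->plain();
}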
/**
 * Front-end output of the eNews (FeedBurner) subscription widget.
 *
 * @param array $args     Sidebar wrapper markup: before/after widget and title.
 * @param array $instance Saved settings: title, text, id (FeedBurner uri),
 *                        input_text, button_text.
 */
function widget($args, $instance) {
    global $_genesis_formatting_allowedtags;

    $settings = wp_parse_args((array) $instance, array(
        'title'       => '',
        'text'        => '',
        'id'          => '',
        'input_text'  => '',
        'button_text' => '',
    ));

    echo $args['before_widget'] . '<div class="enews">';
    if (!empty($settings['title'])) {
        echo $args['before_title'] . apply_filters('widget_title', $settings['title']) . $args['after_title'];
    }
    // Body text: filtered with the Genesis formatting allow-list, then paragraphed.
    echo wpautop(wp_kses($settings['text'], $_genesis_formatting_allowedtags));

    if (!empty($settings['id'])) {
        $feed_id     = $settings['id'];
        $placeholder = $settings['input_text'];
        $button      = $settings['button_text'];
        ?>
        <form id="subscribe" action="http://feedburner.google.com/fb/a/mailverify" method="post" target="popupwindow" onsubmit="window.open('http://feedburner.google.com/fb/a/mailverify?uri=<?php echo esc_js($feed_id); ?> ', 'popupwindow', 'scrollbars=yes,width=550,height=520');return true"><input type="text" value="<?php echo esc_attr($placeholder); ?> " id="subbox" onfocus="if (this.value == '<?php echo esc_js($placeholder); ?> ') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php echo esc_js($placeholder); ?> ';}" name="email"/><input type="hidden" value="<?php echo esc_attr($feed_id); ?> " name="uri"/><input type="hidden" name="loc" value="en_US"/><input type="submit" value="<?php echo esc_attr($button); ?> " id="subbutton" /></form>
        <?php
    }
    echo '</div>' . $args['after_widget'];
}
/**
 * Decode HTML entities in submitted content, apply the plugin's pre-content
 * filter and then restrict the markup to the global $post_submit_filter list.
 *
 * @param string $content Raw submitted content.
 * @return string Filtered content.
 */
function dwqa_pre_content($content) {
    global $post_submit_filter;

    $decoded  = htmlspecialchars_decode($content);
    $filtered = dwqa_pre_content_filter($decoded);
    // wp_kses() runs last, on the decoded text, so decoding cannot reintroduce tags.
    return wp_kses($filtered, $post_submit_filter);
}
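/**
 * Class constructor
 *
 * @since 2.0.5
 * @author jkudish
 * @param string     $id    the field id
 * @param array      $field the field settings
 * @param null|mixed $value the field's current value
 * @return void
 */
public function __construct($id, $field, $value = null) {
    // setup the defaults
    $this->defaults = array(
        'type'             => 'html',
        'name'             => $id,
        'attributes'       => array(),
        'class'            => null,
        'label'            => null,
        'tooltip'          => null,
        'size'             => 'medium',
        'html'             => null,
        'error'            => false,
        'value'            => $value,
        'options'          => null,
        'conditional'      => true,
        'display_callback' => null,
        'if_empty'         => null,
        'can_be_empty'     => false,
        'clear_after'      => true,
    );

    // a list of valid field types, to prevent screwy behaviour
    $this->valid_field_types = array('heading', 'html', 'text', 'textarea', 'wysiwyg', 'radio', 'checkbox_bool', 'checkbox_list', 'dropdown', 'dropdown_chosen', 'dropdown_select2', 'license_key');
    $this->valid_field_types = apply_filters('tribe_valid_field_types', $this->valid_field_types);

    // parse args with defaults. They stay in an array instead of being extract()-ed
    // into locals: a field key named 'id' can no longer override the $id argument,
    // and the 'value' entry is no longer clobbered by the loop variable of the
    // foreach below (which made a 'value' passed in $field silently ignored).
    $args = wp_parse_args($field, $this->defaults);

    $inline_tags = array(
        'a'      => array('href' => array(), 'title' => array()),
        'br'     => array(),
        'em'     => array(),
        'strong' => array(),
        'b'      => array(),
        'i'      => array(),
        'u'      => array(),
        'img'    => array('title' => array(), 'src' => array(), 'alt' => array()),
    );
    $tooltip_tags = $inline_tags + array('code' => array('span' => array()), 'span' => array());

    // sanitize the values just to be safe
    $id                  = esc_attr($id);
    $args['type']        = esc_attr($args['type']);
    $args['name']        = esc_attr($args['name']);
    $args['class']       = sanitize_html_class($args['class']);
    $args['label']       = wp_kses($args['label'], $inline_tags);
    $args['tooltip']     = wp_kses($args['tooltip'], $tooltip_tags);
    $args['size']        = esc_attr($args['size']);
    $args['error']       = (bool) $args['error'];
    $args['clear_after'] = (bool) $args['clear_after'];

    // set the ID
    $this->id = apply_filters('tribe_field_id', $id);

    // set each instance variable and filter
    foreach (array_keys($this->defaults) as $key) {
        $this->{$key} = apply_filters('tribe_field_' . $key, $args[$key], $this->id);
    }

    // epicness
    $this->doField();
}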
/**
 * Check the theme's comment handling: comments must be listed, paginated, and
 * the comment form defaults must not be filtered.
 *
 * @param array $files Theme files keyed by path.
 * @return bool True when every check passed.
 */
function check($files) {
    $result    = true;
    $all_php   = $this->merge_files($files, 'php');
    $php_files = $this->filter_files($files, 'php');

    // Comments listing.
    $this->increment_check_count();
    $lists_comments = (false !== strpos($all_php, 'wp_list_comments'));
    if (!$lists_comments) {
        $this->add_error('comments-wp-list-comments', "The theme doesn't have a call to <code>wp_list_comments()</code> in it.", Basescanner::LEVEL_BLOCKER);
        $result = false;
    }

    // Comments pagination: either paginate_comments_links() or both of the
    // previous/next link functions.
    $this->increment_check_count();
    $has_paginate  = (false !== strpos($all_php, 'paginate_comments_links'));
    $has_prev_next = (false !== strpos($all_php, 'previous_comments_link'))
        && (false !== strpos($all_php, 'next_comments_link'));
    if (!$has_paginate && !$has_prev_next) {
        $this->add_error('comments', "The theme doesn't have comment pagination code in it. Use <code>paginate_comments_links()</code> or <code>next_comments_link()</code> and <code>previous_comments_link()</code> to add comment pagination.", Basescanner::LEVEL_BLOCKER);
        $result = false;
    }

    // Check whether the comment form is filtered.
    $filter_pattern = '/add_filter\(\s*[\'"]comment_form_defaults[\'"]/';
    $filter_message = wp_kses(
        __("WordPress.com has it's own commenting experience, themes should not filter the comment form defaults via <code>add_filter( 'comment_form_defaults', [...] )</code>."),
        array('code' => array())
    );
    foreach ($php_files as $file_path => $file_content) {
        if (!preg_match($filter_pattern, $file_content)) {
            continue;
        }
        $this->add_error('filtering_comment_form_defaults', $filter_message, Basescanner::LEVEL_WARNING, $this->get_filename($file_path));
        $result = false;
    }
    return $result;
}
/**
 * removes all tags which a WP Post wouldn't allow in its content normally
 *
 * Users with the 'unfiltered_html' capability keep their value untouched.
 *
 * @param string $value
 * @return string
 */
function prepare_for_set($value) {
    $may_post_raw_html = current_user_can('unfiltered_html');
    if (!$may_post_raw_html) {
        $value = wp_kses((string) $value, wp_kses_allowed_html('post'));
    }
    return parent::prepare_for_set($value);
}
/**
 * Record an upgrader message. Arrays are ignored; WP_Error objects contribute
 * their message; known string keys are resolved via the upgrader's string table
 * and sprintf-style placeholders are filled from the extra arguments.
 *
 * @param string|array|WP_Error $data
 */
public function feedback($data) {
    if (is_array($data)) {
        return;
    }
    $message = is_wp_error($data) ? $data->get_error_message() : $data;

    if (!empty($this->upgrader->strings[$message])) {
        $message = $this->upgrader->strings[$message];
    }

    if (false !== strpos($message, '%')) {
        $format_args = array_slice(func_get_args(), 1);
        if (!empty($format_args)) {
            $message = vsprintf($message, $format_args);
        }
    }

    $message = trim($message);

    // Only allow basic HTML in the messages, as it'll be used in emails/logs rather than direct browser output.
    $message = wp_kses($message, array(
        'a'      => array('href' => true),
        'br'     => true,
        'em'     => true,
        'strong' => true,
    ));

    if (empty($message)) {
        return;
    }
    $this->messages[] = $message;
}
/**
 * Update a particular instance.
 *
 * This function should check that $new_instance is set correctly.
 * The newly calculated value of $instance should be returned.
 * If "false" is returned, the instance won't be saved/updated.
 *
 * Title and link text lose all tags; the bio text keeps the Genesis
 * formatting allow-list.
 *
 * @param array $new_instance New settings for this instance as input by the user via form()
 * @param array $old_instance Old settings for this instance
 * @return array Settings to save or bool false to cancel saving
 */
function update($new_instance, $old_instance) {
    $saved = $new_instance;

    $saved['title']          = strip_tags($saved['title']);
    $saved['bio_text']       = wp_kses($saved['bio_text'], genesis_formatting_allowedtags());
    $saved['page_link_text'] = strip_tags($saved['page_link_text']);

    return $saved;
}
/**
 * Front-end output of the "about me" widget: optional image, name, job title
 * and a description in which only line breaks survive as markup.
 *
 * @param array $args     Sidebar wrapper markup (before/after widget and title).
 * @param array $instance Saved widget settings.
 */
public function widget($args, $instance) {
    echo wp_kses_post($args['before_widget']);
    if (!empty($instance['title'])) {
        echo wp_kses_post($args['before_title']) . esc_html($instance['title']) . wp_kses_post($args['after_title']);
    }

    $thumb = '';
    if (is_numeric($instance['image'])) {
        $thumb = barcelona_get_thumbnail_url('barcelona-sq', $instance['image'], true, true);
    }
    ?>
    <div class="about-me">
    <?php
    if (!empty($thumb)) {
        printf('<p class="about-image"><img src="%s" alt="%s" /></p>', esc_url($thumb[0]), esc_attr($instance['name']));
    }
    if (!empty($instance['name'])) {
        printf('<h2 class="about-name">%s</h2>', esc_html($instance['name']));
    }
    if (!empty($instance['job_title'])) {
        printf('<h4 class="about-job-title">%s</h4>', esc_html($instance['job_title']));
    }
    // nl2br() first, then keep nothing but the <br> it inserted.
    $description = wp_kses(nl2br($instance['description']), array('br' => array()));
    ?>
    <p class="description">
        <?php echo $description; ?>
    </p>
    </div>
    <?php
    echo wp_kses_post($args['after_widget']);
}
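/**
 * Front-end display of widget.
 *
 * Prints a contact block: address (filtered with the global $allowed_html_tags
 * list), phone, fax and a mailto: link for a validated e-mail address.
 *
 * @see WP_Widget::widget()
 * @param array $args Widget arguments.
 * @param array $instance Saved values from database.
 */
public function widget($args, $instance) {
    global $allowed_html_tags;

    // Read both arrays explicitly instead of extract()-ing them: a saved instance
    // key such as 'before_widget' could otherwise overwrite the sidebar markup.
    $before_widget = isset($args['before_widget']) ? $args['before_widget'] : '';
    $after_widget  = isset($args['after_widget']) ? $args['after_widget'] : '';
    $before_title  = isset($args['before_title']) ? $args['before_title'] : '';
    $after_title   = isset($args['after_title']) ? $args['after_title'] : '';

    $fields = wp_parse_args((array) $instance, array(
        'title'   => '',
        'address' => '',
        'phone'   => '',
        'fax'     => '',
        'email'   => '',
    ));

    // is_email() returns the address or false, so $email is only ever a valid address.
    $email = is_email(sanitize_email($fields['email']));
    $title = apply_filters('widget_title', $fields['title']);

    echo $before_widget;
    if ($title) {
        echo $before_title . $title . $after_title;
    }
    ?>
    <section class="contact-option-single">
        <address>
            <p><?php echo $fields['address'] ? wp_kses($fields['address'], $allowed_html_tags) : ''; ?></p>
        </address>
        <ul class="contact-options">
            <?php
            if ($fields['phone']) {
                echo '<li class="phone"><span>' . __('Phone: ', 'majestic-widgets') . '</span>' . esc_html($fields['phone']) . '</li>';
            }
            if ($fields['fax']) {
                echo '<li class="fax"><span>' . __('Fax: ', 'majestic-widgets') . '</span>' . esc_html($fields['fax']) . '</li>';
            }
            if ($email) {
                // Escape per context: attribute for the href, text for the visible address.
                echo '<li class="email"><span>' . __('Email: ', 'majestic-widgets') . '</span><a href="mailto:' . esc_attr($email) . '">' . esc_html($email) . '</a></li>';
            }
            ?>
        </ul>
    </section>
    <?php
    echo $after_widget;
}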
/**
 * Filter popup content with the 'post' allow-list extended by form inputs and
 * iframes (popup content is expected to embed both). The iframe src is still
 * subject to wp_kses()' protocol checks, but any http(s) origin is accepted.
 *
 * @param string $sgPopupData Raw popup HTML.
 * @return string Filtered HTML.
 */
public static function sgPopupDataSanitize($sgPopupData) {
    $input_attrs  = array_fill_keys(array('name', 'class', 'id', 'placeholder', 'title', 'value', 'type'), true);
    $iframe_attrs = array_fill_keys(array('name', 'class', 'id', 'title', 'src', 'height', 'width'), true);

    $allowed           = wp_kses_allowed_html('post');
    $allowed['input']  = $input_attrs;
    $allowed['iframe'] = $iframe_attrs;

    return wp_kses($sgPopupData, $allowed);
}
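/**
 * Front-end display of widget.
 *
 * Prints the latest tweets of the configured account and turns the URLs the
 * API reports into links. Tweet text is escaped before it is printed.
 *
 * @see WP_Widget::widget()
 *
 * @param array $args Widget arguments.
 * @param array $instance Saved values from database.
 */
public function widget($args, $instance) {
    $wrap_tags  = array("div" => array("class" => array(), "id" => array()));
    $title_tags = array("h3" => array("class" => array(), "id" => array()));

    echo wp_kses($args['before_widget'], $wrap_tags);
    if (!empty($instance['title'])) {
        echo wp_kses($args['before_title'], $title_tags) . apply_filters('widget_title', $instance['title']) . wp_kses($args['after_title'], $title_tags);
    }

    if (function_exists('getTweets')) {
        $tweets_num = isset($instance['tweet_num']) ? $instance['tweet_num'] : null;
        $user       = isset($instance['username']) ? $instance['username'] : null;
        $tweets     = getTweets($user, $tweets_num);
        if (is_array($tweets)) {
            foreach ($tweets as $tweet) {
                if (empty($tweet['text'])) {
                    continue;
                }
                // The text comes from a remote API: escape it, then link the URLs the
                // API reported. A literal str_replace() replaces the old preg_replace(),
                // whose pattern was the raw URL ("?" and "." acted as metacharacters).
                $the_tweet = esc_html($tweet['text']);
                if (!empty($tweet['entities']['urls']) && is_array($tweet['entities']['urls'])) {
                    foreach ($tweet['entities']['urls'] as $link) {
                        $url_text  = esc_html($link['url']);
                        $anchor    = '<a href="' . esc_url($link['url']) . '" target="_blank" rel="noopener">' . $url_text . '</a>';
                        $the_tweet = str_replace($url_text, $anchor, $the_tweet);
                    }
                }
                echo "<div class='tweet_holder'><i class='fa fa-twitter'></i>" . $the_tweet . "</div>";
            }
        }
    }
    echo wp_kses($args['after_widget'], $wrap_tags);
}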
/**
 * Custom KSES filter for the Forums component.
 *
 * Starts from the default comment allow-list ($allowedtags) and opens up the
 * extra markup forum posts need (spans, divs, images, paragraphs, code).
 *
 * @param string $content Content to sanitize.
 * @return string Sanitized string.
 */
function bp_forums_filter_kses($content) {
    global $allowedtags;

    $forum_tags = $allowedtags;
    $forum_tags['span']       = array('class' => array());
    $forum_tags['div']        = array('class' => array(), 'id' => array());
    $forum_tags['a']['class'] = array();
    $forum_tags['img']        = array_fill_keys(array('src', 'alt', 'class', 'width', 'height', 'id'), array());
    $forum_tags['br']         = array();
    $forum_tags['p']          = array();
    $forum_tags['code']       = array();
    $forum_tags['blockquote'] = array();

    /**
     * Filters the allowed HTML tags for forum posts.
     *
     * @since 1.2.0
     *
     * @param array $forums_allowedtags Array of allowed HTML tags.
     */
    $forum_tags = apply_filters('bp_forums_allowed_tags', $forum_tags);

    return wp_kses($content, $forum_tags);
}
/**
 * Print the panel as an accordion section for customizer builds without the
 * JS-driven panel template.
 *
 * The title may only carry inline emphasis markup; everything else is stripped.
 */
protected function render_fallback() {
    $panel_classes = implode(' ', array(
        'accordion-section',
        'avadaredux-main',
        'avadaredux-panel',
        'control-section',
        'control-panel',
        'control-panel-' . esc_attr($this->type),
    ));
    $title_tags = array(
        'em'     => array(),
        'i'      => array(),
        'strong' => array(),
        'span'   => array('class' => array(), 'style' => array()),
    );
    ?>
    <li id="accordion-panel-<?php echo esc_attr($this->id); ?> " class="<?php echo esc_attr($panel_classes); ?> ">
        <h3 class="accordion-section-title" tabindex="0">
            <?php echo wp_kses($this->title, $title_tags); ?>
            <span class="screen-reader-text"><?php esc_html_e('Press return or enter to open this panel', 'avadaredux-framework'); ?> </span>
        </h3>
        <ul class="accordion-sub-container control-panel-content">
            <table class="form-table">
                <tbody><?php $this->render_content(); ?> </tbody>
            </table>
        </ul>
    </li>
    <?php
}
/**
 * KSES filter for forum content: the default comment allow-list plus spans,
 * divs, images, line breaks, paragraphs, code and blockquotes.
 *
 * @param string $content Content to sanitize.
 * @return string Sanitized string.
 */
function bp_forums_filter_kses($content) {
    global $allowedtags;

    $tags = $allowedtags;

    // Elements that take a restricted attribute set.
    $tags['span']       = array('class' => array());
    $tags['div']        = array('class' => array(), 'id' => array());
    $tags['a']['class'] = array();
    $tags['img']        = array(
        'src'    => array(),
        'alt'    => array(),
        'class'  => array(),
        'width'  => array(),
        'height' => array(),
        'id'     => array(),
    );

    // Elements allowed without any attribute.
    foreach (array('br', 'p', 'code', 'blockquote') as $bare_tag) {
        $tags[$bare_tag] = array();
    }

    $tags = apply_filters('bp_forums_allowed_tags', $tags);

    return wp_kses($content, $tags);
}
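/**
 * Build one swiper slide for a media item: the image plus an optional caption
 * block holding the title, description and a "Details" link.
 *
 * @param object $item_data Media item with ID, full, width, height, alt and the
 *                          optional title, description and link members.
 * @param string $align     Not used by this method; kept for the public signature.
 * @return string Slide markup, or '' when $item_data is not an object.
 */
public static function get_media_item($item_data, $align = 'horizontal') {
    if (!is_object($item_data)) {
        return '';
    }

    $title    = '';
    $caption  = '';
    $link     = '';
    $has_link = !empty($item_data->link);
    $link_url = '';

    if ($has_link) {
        // The link comes from item data and lands in an href attribute.
        $link_url = esc_url($item_data->link);
        $link     = '<a class="swiper-link" href="' . $link_url . '">' . __('Details', 'the7mk2') . '</a>';
    }

    if (!empty($item_data->title)) {
        // Concatenate instead of sprintf()-ing a template that embeds the URL, so a
        // '%' inside the URL cannot be read as a format directive.
        $title_text = wp_kses($item_data->title, array());
        $title      = $has_link
            ? '<h4><a href="' . $link_url . '">' . $title_text . '</a></h4>'
            : '<h4>' . $title_text . '</h4>';
    }

    if (!empty($item_data->description)) {
        $caption = wpautop(wp_kses_post($item_data->description));
    }

    $image = dt_get_thumb_img(array(
        'echo'     => false,
        'img_meta' => array($item_data->full, $item_data->width, $item_data->height),
        'img_id'   => $item_data->ID,
        'alt'      => $item_data->alt,
        'wrap'     => '<img %IMG_CLASS% %SRC% %SIZE% %ALT% />',
        'prop'     => false,
    ));

    $info = $title . $caption . $link;
    if ($info) {
        $info = sprintf('<span class="link show-content"></span> <div class="swiper-caption"> %s <span class="close-link"></span> </div>', $info);
    }

    return sprintf('<div class="swiper-slide"> %s %s </div>', $image, $info);
}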
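/**
 * [lead] shortcode: wraps the content in a <p class="lead">.
 *
 * @param array|string $atts    Shortcode attributes (unused).
 * @param string|null  $content Enclosed content, run through do_shortcode().
 * @return string Filtered markup.
 */
public function qTools_sc_lead($atts, $content = null) {
    $sc_output = '<p class="lead">' . do_shortcode($content) . '</p>';

    global $allowedtags;
    // Work on a copy. The original wrote 'p' into the global $allowedtags, which
    // widened the default comment allow-list for every later wp_kses() call in
    // the request (any <p style="..."> would then pass through elsewhere).
    $lead_tags      = $allowedtags;
    $lead_tags['p'] = array('style' => array(), 'class' => array());

    return wp_kses($sc_output, $lead_tags);
}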
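/**
 * Define our menu fallback
 *
 * Returns a notice with links to the Menus and Customize admin screens.
 *
 * @return string
 */
public static function menu_fallback() {
    // Only the href of the translated anchor is kept. The attribute must be declared
    // as a key ('href' => array()); the former array('href') had 'href' as a value,
    // which wp_kses() does not recognise, so the links lost their href.
    $link_tags = array('a' => array('href' => array()));

    $menus_link = sprintf(
        wp_kses(__('<a href="%s">Menus</a>', 'hatch'), $link_tags),
        esc_url(get_admin_url(get_current_blog_id(), 'nav-menus.php'))
    );
    $customize_link = sprintf(
        wp_kses(__('<a href="%s">Customize</a>', 'hatch'), $link_tags),
        esc_url(get_admin_url(get_current_blog_id(), 'customize.php'))
    );

    // 'hatch' is the text domain of the translation call, not the first sprintf()
    // argument: the previous call had its parenthesis misplaced, so %1$s printed "hatch".
    $message = sprintf(
        esc_html__('Please assign a menu to the primary menu location under %1$s or %2$s the design.', 'hatch'),
        $menus_link,
        $customize_link
    );

    $html  = '<div class="alert-box secondary">';
    $html .= $message;
    $html .= '</div>';
    return $html;
}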
/**
 * Prints HTML with meta information for the categories, tags and comments.
 */
function xmaps_entry_footer() {
    $is_post = ('post' === get_post_type());

    // Hide category and tag text for pages.
    if ($is_post) {
        /* translators: used between list items, there is a space after the comma */
        $category_links = get_the_category_list(esc_html__(', ', 'xmaps'));
        if ($category_links && xmaps_categorized_blog()) {
            printf('<span class="cat-links">' . esc_html__('Posted in %1$s', 'xmaps') . '</span>', $category_links); // WPCS: XSS OK.
        }

        /* translators: used between list items, there is a space after the comma */
        $tag_links = get_the_tag_list('', esc_html__(', ', 'xmaps'));
        if ($tag_links) {
            printf('<span class="tags-links">' . esc_html__('Tagged %1$s', 'xmaps') . '</span>', $tag_links); // WPCS: XSS OK.
        }
    }

    $show_comments_link = !is_single()
        && !post_password_required()
        && (comments_open() || get_comments_number());
    if ($show_comments_link) {
        /* translators: %s: post title */
        $comment_label = sprintf(
            wp_kses(__('Leave a Comment<span class="screen-reader-text"> on %s</span>', 'xmaps'), array('span' => array('class' => array()))),
            get_the_title()
        );
        echo '<span class="comments-link">';
        comments_popup_link($comment_label);
        echo '</span>';
    }

    $edit_label = sprintf(esc_html__('Edit %s', 'xmaps'), the_title('<span class="screen-reader-text">"', '"</span>', false));
    edit_post_link($edit_label, '<span class="edit-link">', '</span>');
}
/**
 * wp_kses() handling of "feed:" hrefs that nest "javascript:".
 *
 * The expected block pins the current behaviour: for the first five inputs the
 * "javascript:" part is removed and the surrounding "feed:" prefixes are kept;
 * from the sixth input on (three or more stacked "feed:" prefixes) the href is
 * emptied entirely.
 */
function test_feed_links() {
    global $allowedposttags;
    // Input: anchors whose href nests feed: and javascript: in various orders.
    $content = <<<EOF
<a href="feed:javascript:alert(1)">CLICK ME</a>
<a href="feed:javascript:feed:alert(1)">CLICK ME</a>
<a href="feed:feed:javascript:alert(1)">CLICK ME</a>
<a href="javascript:feed:alert(1)">CLICK ME</a>
<a href="javascript:feed:javascript:alert(1)">CLICK ME</a>
<a href="feed:feed:feed:javascript:alert(1)">CLICK ME</a>
<a href="feed:feed:feed:feed:javascript:alert(1)">CLICK ME</a>
<a href="feed:feed:feed:feed:feed:javascript:alert(1)">CLICK ME</a>
<a href="feed:javascript:feed:javascript:feed:javascript:alert(1)">CLICK ME</a>
<a href="feed:javascript:feed:javascript:feed:javascript:feed:javascript:feed:javascript:alert(1)">CLICK ME</a>
<a href="feed:feed:feed:http:alert(1)">CLICK ME</a>
EOF;
    // Expected: one line per input above, filtered with the 'post' allow-list.
    $expected = <<<EOF
<a href="feed:alert(1)">CLICK ME</a>
<a href="feed:feed:alert(1)">CLICK ME</a>
<a href="feed:feed:alert(1)">CLICK ME</a>
<a href="feed:alert(1)">CLICK ME</a>
<a href="feed:alert(1)">CLICK ME</a>
<a href="">CLICK ME</a>
<a href="">CLICK ME</a>
<a href="">CLICK ME</a>
<a href="">CLICK ME</a>
<a href="">CLICK ME</a>
<a href="">CLICK ME</a>
EOF;
    $this->assertEquals($expected, wp_kses($content, $allowedposttags));
}