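/**
 * Sanitize a raw query-var value down to plain single-line text.
 *
 * Steps: unslash, drop invalid UTF-8, neutralise lone `<` and strip tags
 * when a `<` is present, remove percent-encoded octets (`%XX`), collapse
 * runs of spaces and trim leading/trailing spaces.
 *
 * Octet removal loops until no `%XX` sequence is left: removing one octet
 * can expose another (constructed example: `%%3434` becomes `%34` after a
 * single pass), so a one-shot preg_replace() could leave an encoded octet
 * in the output. This mirrors the loop used by the sanitize_text_field()
 * family of helpers.
 *
 * @param string $text Raw query-var value (slashed, as wp_unslash() expects).
 * @return string Sanitized single-line text.
 */
function wpcf7_sanitize_query_var($text)
{
    $text = wp_unslash($text);
    $text = wp_check_invalid_utf8($text);

    if (false !== strpos($text, '<')) {
        $text = wp_pre_kses_less_than($text);
        $text = wp_strip_all_tags($text);
    }

    // Repeat until no `%XX` remains. str_replace() drops every occurrence of
    // the matched octet, so the string shrinks on each pass and the loop ends.
    while (preg_match('/%[a-f0-9]{2}/i', $text, $octet)) {
        $text = str_replace($octet[0], '', $text);
    }

    $text = preg_replace('/ +/', ' ', $text);

    return trim($text, ' ');
}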
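/**
 * Sanitize a multi-line text field string, keeping line breaks and tabs.
 *
 * Checks for invalid UTF-8, converts lone `<` characters to an entity and
 * strips tags when a `<` is present, then removes percent-encoded octets.
 * Unlike sanitize_text_field(), runs of CR/LF/tab are not collapsed, so
 * multi-line input keeps its shape.
 *
 * Caveat: when the input contains `<`, wp_strip_all_tags() is called with
 * `$remove_breaks = true`, which removes line breaks as well — the
 * "keep line breaks" property therefore only holds for input without a `<`.
 *
 * @since 1.4.3
 *
 * @param string $str The string prior to being sanitized.
 * @return string The sanitized string.
 */
function sanitize_multiline_text_field($str)
{
    $filtered = wp_check_invalid_utf8($str);

    if (strpos($filtered, '<') !== false) {
        $filtered = wp_pre_kses_less_than($filtered);
        // Second argument (true) also removes line breaks and extra whitespace.
        $filtered = wp_strip_all_tags($filtered, true);
    }

    // Remove `%XX` octets until none remain; removing one can expose another.
    $found = false;
    while (preg_match('/%[a-f0-9]{2}/i', $filtered, $match)) {
        $filtered = str_replace($match[0], '', $filtered);
        $found = true;
    }

    if ($found) {
        // Collapse the spaces that octet removal may have left behind.
        $filtered = trim(preg_replace('/ +/', ' ', $filtered));
    }

    return $filtered;
}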
/**
 * Sanitize a single-line text value from user input or the database.
 *
 * Pipeline: reject invalid UTF-8; when a `<` is present convert lone `<` to
 * an entity and strip tags, otherwise collapse runs of CR/LF/tab/space into
 * one space and trim; remove percent-encoded octets until none remain; and,
 * only if an octet was removed, collapse the spaces that removal may have
 * left. The result is passed through the `sanitize_text_field` filter.
 *
 * @since 2.9.0
 *
 * @param string $str Raw string.
 * @return string Sanitized string, after the `sanitize_text_field` filter.
 */
function sanitize_text_field($str)
{
    $clean = wp_check_invalid_utf8($str);

    if (strpos($clean, '<') !== false) {
        $clean = wp_pre_kses_less_than($clean);
        // $remove_breaks = true: wp_strip_all_tags() also collapses whitespace here.
        $clean = wp_strip_all_tags($clean, true);
    } else {
        $clean = trim(preg_replace('/[\\r\\n\\t ]+/', ' ', $clean));
    }

    // Remove `%XX` octets until none remain; dropping one can expose another.
    $beforeOctets = $clean;
    while (preg_match('/%[a-f0-9]{2}/i', $clean, $octet)) {
        $clean = str_replace($octet[0], '', $clean);
    }

    // Re-collapse spaces only when octets were actually removed.
    if ($clean !== $beforeOctets) {
        $clean = trim(preg_replace('/ +/', ' ', $clean));
    }

    /**
     * Filter a sanitized text field string.
     *
     * @since 2.9.0
     *
     * @param string $filtered The sanitized string.
     * @param string $str      The string prior to being sanitized.
     */
    return apply_filters('sanitize_text_field', $clean, $str);
}
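/**
 * Sanitize a string from user input or from the db.
 *
 * Checks for invalid UTF-8; when a `<` is present converts lone `<`
 * characters to an entity and strips all tags, otherwise collapses any
 * whitespace run (`\s+`) into a single space and trims; then strips
 * percent-encoded octets until none remain. No whitespace pass follows
 * octet removal, so doubled spaces left by a removed octet are kept as-is.
 *
 * @since 2.9
 *
 * @param string $str Raw string.
 * @return string Sanitized string, after the `sanitize_text_field` filter.
 */
function sanitize_text_field($str)
{
    $filtered = wp_check_invalid_utf8($str);

    if (strpos($filtered, '<') !== false) {
        $filtered = wp_pre_kses_less_than($filtered);
        // $remove_breaks = true: also drops line breaks and extra whitespace.
        $filtered = wp_strip_all_tags($filtered, true);
    } else {
        $filtered = trim(preg_replace('/\\s+/', ' ', $filtered));
    }

    // Loop: removing one `%XX` octet can expose another (constructed
    // example: `%%3434` -> `%34` after a single pass).
    $match = [];
    while (preg_match('/%[a-f0-9]{2}/i', $filtered, $match)) {
        $filtered = str_replace($match[0], '', $filtered);
    }

    /**
     * Filter a sanitized text field string.
     *
     * @param string $filtered The sanitized string.
     * @param string $str      The string prior to being sanitized.
     */
    return apply_filters('sanitize_text_field', $filtered, $str);
}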
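/**
 * Custom meta tag highlighter.
 *
 * Escapes the given meta tag markup for display and wraps attribute names,
 * attribute values and the word `itemscope` in inline-styled <span>s.
 *
 * The input is run through htmlspecialchars() first (quotes are kept so the
 * `name="value"` pairs can still be matched), so the only live HTML in the
 * output is the <span> markup added here; wp_pre_kses_less_than() is a
 * final safety net for any `<` that does not open a complete tag.
 *
 * @param string $metatags Raw meta tag markup.
 * @return string HTML-escaped markup with highlighting spans.
 */
function amt_metatag_highlighter($metatags)
{
    // Convert special chars, but leave quotes.
    $metatags = htmlspecialchars($metatags, ENT_NOQUOTES);

    // Find all `name="value"` pairs. preg_match_all() always assigns an array
    // to $matches, so a `!$matches` test can never fire; the result has to be
    // checked via the return value. false signals a PCRE error (e.g. the
    // backtrack limit), in which case the escaped text is returned unhighlighted.
    if (preg_match_all('#([^\\s]+="[^"]+?)"#i', $metatags, $matches) === false) {
        return $metatags;
    }

    foreach ($matches[0] as $match) {
        $highlighted = preg_replace('#^([^=]+)="(.+)"$#i', '<span style="font-weight:bold;color:black;">$1</span>="<span style="color:blue;">$2</span>"', $match);
        $metatags = str_replace($match, $highlighted, $metatags);
    }

    // Highlight 'itemscope'.
    $metatags = str_replace('itemscope', '<span style="font-weight: bold; color: #B90746;">itemscope</span>', $metatags);

    // Safety net: escape any `<` that does not open a complete tag.
    $metatags = wp_pre_kses_less_than($metatags);

    return $metatags;
}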
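/**
 * Custom meta tag highlighter.
 *
 * Escapes the given meta tag markup for display and, unless the
 * `amt_metadata_review_mode_enable_highlighter` filter returns false, wraps
 * attribute names/values, the word `itemscope` and HTML comments in <span>s
 * carrying `amt-ht-*` classes.
 *
 * The input is run through htmlspecialchars() first (quotes are kept so the
 * `name="value"` pairs can still be matched), so the only live HTML in the
 * output is the <span> markup added here; wp_pre_kses_less_than() is a
 * final safety net for any `<` that does not open a complete tag.
 *
 * @param string $metatags Raw meta tag markup.
 * @return string HTML-escaped markup, with highlighting spans when enabled.
 */
function amt_metatag_highlighter($metatags)
{
    // Convert special chars, but leave quotes. Required for the pre box.
    $metatags = htmlspecialchars($metatags, ENT_NOQUOTES);

    if (!apply_filters('amt_metadata_review_mode_enable_highlighter', true)) {
        return $metatags;
    }

    // Find all `name="value"` pairs. preg_match_all() always assigns an array
    // to $matches, so a `!$matches` test can never fire; the result has to be
    // checked via the return value. false signals a PCRE error, in which case
    // the escaped text is returned unhighlighted.
    if (preg_match_all('#([^\\s]+="[^"]+?)"#i', $metatags, $matches) === false) {
        return $metatags;
    }

    // Highlight properties and values.
    foreach ($matches[0] as $match) {
        $highlighted = preg_replace('#^([^=]+)="(.+)"$#i', '<span class="amt-ht-attribute">$1</span>="<span class="amt-ht-value">$2</span>"', $match);
        $metatags = str_replace($match, $highlighted, $metatags);
    }

    // Highlight 'itemscope'.
    $metatags = str_replace('itemscope', '<span class="amt-ht-itemscope">itemscope</span>', $metatags);

    // Highlight HTML comments. The two markers are replaced independently, so
    // an unpaired `<!--` or `-->` in the input yields an unbalanced span.
    $metatags = str_replace('&lt;!--', '<span class="amt-ht-comment">&lt;!--', $metatags);
    $metatags = str_replace('--&gt;', '--&gt;</span>', $metatags);

    // Safety net: escape any `<` that does not open a complete tag.
    $metatags = wp_pre_kses_less_than($metatags);

    return $metatags;
}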
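 /**
  * Runs a simple sanitisation of the custom post type permalink structures
  * and adds an error if no post ID or post name is present.
  *
  * The placeholder check runs on the sanitised value rather than on the raw
  * input, so the structure that is actually stored is the one validated:
  * tag stripping or the final character whitelist cannot remove
  * `%post_id%`/`%postname%` after the check has passed.
  *
  * @param string $permalink The permalink structure
  *
  * @return string    Sanitised permalink structure; only `A-Z a-z 0-9 / % _ -` survive
  */
 public function sanitize_permalink($permalink)
 {
     $filtered = wp_check_invalid_utf8($permalink);
     if (strpos($filtered, '<') !== false) {
         $filtered = wp_pre_kses_less_than($filtered);
         // $remove_breaks = true: also strips extra whitespace for us.
         $filtered = wp_strip_all_tags($filtered, true);
     } else {
         $filtered = trim(preg_replace('/[\\r\\n\\t ]+/', ' ', $filtered));
     }
     // Whitelist: anything outside the permalink alphabet is dropped.
     $sanitised = preg_replace('/[^a-zA-Z0-9\\/\\%_-]*/', '', $filtered);

     // Validate what will be stored. An empty submission is not reported
     // (the original !empty() guard on the raw value is kept).
     if (!empty($permalink) && !preg_match('/%(post_id|postname)%/', $sanitised)) {
         add_settings_error('permalink_structure', 10, __('Permalink structures must contain at least the <code>%post_id%</code> or <code>%postname%</code>.'));
     }

     return $sanitised;
 }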
/**
 * Internal helper shared by the text-field sanitizers.
 *
 * Rejects invalid UTF-8. When a `<` is present it converts lone `<` to an
 * entity, strips tags without removing line breaks, and entity-encodes a
 * `<` that directly precedes a newline so that a later newline-collapsing
 * step cannot join fragments back into a functional tag. Unless
 * $keep_newlines is set, runs of CR/LF/tab/space are collapsed to one
 * space. The value is trimmed, percent-encoded octets are removed until
 * none remain and, only if any were removed, the spaces left behind are
 * collapsed.
 *
 * @since 4.7.0
 * @access private
 *
 * @param string $str           String to sanitize.
 * @param bool   $keep_newlines Optional. Whether to keep newlines. Default false.
 * @return string Sanitized string.
 */
function _sanitize_text_fields($str, $keep_newlines = false)
{
    $out = wp_check_invalid_utf8($str);

    if (strpos($out, '<') !== false) {
        $out = wp_pre_kses_less_than($out);
        // $remove_breaks = false: line breaks survive for the multi-line case.
        $out = wp_strip_all_tags($out, false);
        // A `<` immediately before a newline is encoded so that collapsing the
        // newline below cannot reassemble a working tag.
        $out = str_replace("<\n", "&lt;\n", $out);
    }

    if (!$keep_newlines) {
        $out = preg_replace('/[\\r\\n\\t ]+/', ' ', $out);
    }
    $out = trim($out);

    // Strip `%XX` octets until none remain; removing one can expose another.
    $beforeOctets = $out;
    while (preg_match('/%[a-f0-9]{2}/i', $out, $octet)) {
        $out = str_replace($octet[0], '', $out);
    }

    // Only when an octet was removed: collapse the whitespace it may have left.
    if ($out !== $beforeOctets) {
        $out = trim(preg_replace('/ +/', ' ', $out));
    }

    return $out;
}
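 /**
  * Balance tags in $input and run the result through wp_kses_post().
  *
  * NOTE(review): the original body also computed a tag-stripped copy of
  * $input (wp_check_invalid_utf8 -> wp_pre_kses_less_than ->
  * wp_strip_all_tags, or whitespace collapse) and then discarded it,
  * returning the kses-filtered raw input instead. That dead pipeline is
  * removed here so the function's real contract is visible: HTML permitted
  * by wp_kses_post() (post-level markup) survives, and no separate
  * invalid-UTF-8 check or tag stripping happens in this function. If callers
  * actually expect plain text, the return value should be changed to use the
  * stripped value — confirm with the call sites before doing so.
  *
  * @param string $input Raw text, possibly containing HTML.
  * @return string Tag-balanced, kses-filtered HTML.
  */
 function social_sanitize_text($input)
 {
     return wp_kses_post(force_balance_tags($input));
 }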