/**
 * Sanitizes a single query-var value for use in a plain-text context.
 *
 * Unslashes, drops invalid UTF-8, entity-encodes lone `<` and strips tags
 * when a `<` is present, removes percent-encoded octets in a single pass,
 * collapses runs of spaces and trims surrounding spaces (tabs and newlines
 * are not trimmed).
 *
 * @param string $text Raw query-var value.
 * @return string Sanitized value.
 */
function wpcf7_sanitize_query_var($text) {
    $clean = wp_check_invalid_utf8(wp_unslash($text));

    // Only run the kses pre-pass when a tag opener is actually present.
    if (strpos($clean, '<') !== false) {
        $clean = wp_strip_all_tags(wp_pre_kses_less_than($clean));
    }

    // Single pass: a nested sequence such as "%%2525" leaves "%25" behind,
    // unlike the loop used by sanitize_text_field() in this listing.
    $clean = preg_replace('/%[a-f0-9]{2}/i', '', $clean);
    $clean = preg_replace('/ +/', ' ', $clean);

    // Only spaces are trimmed; other whitespace at the edges survives.
    return trim($clean, ' ');
}
/**
 * Sanitizes a multi-line text field.
 *
 * Follows the same steps as sanitize_text_field() but has no whitespace
 * collapsing on the tag-free path, so newlines and tabs survive there.
 * On the path taken when a `<` is present, wp_strip_all_tags() is called
 * with its remove_breaks argument set to true, so line breaks are dropped
 * on that path.
 *
 * @since 1.4.3
 *
 * @param string $str Raw input.
 * @return string Sanitized string.
 */
function sanitize_multiline_text_field($str) {
    $out = wp_check_invalid_utf8($str);

    if (strpos($out, '<') !== false) {
        $out = wp_pre_kses_less_than($out);
        // Second argument true: tags and line breaks are both removed here.
        $out = wp_strip_all_tags($out, true);
    }

    // Loop until no %XX octet remains, so overlapping sequences cannot
    // reassemble into a fresh octet after one removal.
    $octetsRemoved = false;
    while (preg_match('/%[a-f0-9]{2}/i', $out, $hit)) {
        $out = str_replace($hit[0], '', $out);
        $octetsRemoved = true;
    }

    if ($octetsRemoved) {
        // Removing octets can leave double spaces behind; collapse and trim.
        $out = trim(preg_replace('/ +/', ' ', $out));
    }

    return $out;
}
/**
 * Sanitizes a single-line string from user input or the database.
 *
 * Steps: reject invalid UTF-8; if a `<` is present, entity-encode lone `<`
 * and strip all tags (remove_breaks = true also normalises whitespace),
 * otherwise collapse CR/LF/tab/space runs to one space and trim; then
 * loop-remove percent-encoded octets and re-collapse spaces if any were
 * removed. The result goes through the 'sanitize_text_field' filter.
 *
 * @since 2.9.0
 *
 * @param string $str Raw string.
 * @return string Sanitized string, after filtering.
 */
function sanitize_text_field($str) {
    $out = wp_check_invalid_utf8($str);

    if (strpos($out, '<') === false) {
        $out = trim(preg_replace('/[\\r\\n\\t ]+/', ' ', $out));
    } else {
        $out = wp_pre_kses_less_than($out);
        // remove_breaks = true: wp_strip_all_tags() collapses whitespace too.
        $out = wp_strip_all_tags($out, true);
    }

    // Loop so that overlapping sequences cannot leave a new octet behind.
    $octetsRemoved = false;
    while (preg_match('/%[a-f0-9]{2}/i', $out, $hit)) {
        $out = str_replace($hit[0], '', $out);
        $octetsRemoved = true;
    }

    if ($octetsRemoved) {
        // Octet removal can leave double spaces behind; collapse and trim.
        $out = trim(preg_replace('/ +/', ' ', $out));
    }

    /**
     * Filters a sanitized text field string.
     *
     * @since 2.9.0
     *
     * @param string $filtered The sanitized string.
     * @param string $str      The string prior to being sanitized.
     */
    return apply_filters('sanitize_text_field', $out, $str);
}
/**
 * Sanitizes a string from user input or the database (earlier revision).
 *
 * Differs from the other sanitize_text_field() revision in this listing in
 * two visible ways: the tag-free path collapses any `\s` run rather than
 * only CR/LF/tab/space, and spaces left behind by octet removal are not
 * re-collapsed afterwards.
 *
 * @since 2.9
 *
 * @param string $str Raw string.
 * @return string Sanitized string, after the 'sanitize_text_field' filter.
 */
function sanitize_text_field($str) {
    $out = wp_check_invalid_utf8($str);

    if (strpos($out, '<') === false) {
        $out = trim(preg_replace('/\\s+/', ' ', $out));
    } else {
        // remove_breaks = true: tags and whitespace runs are both handled here.
        $out = wp_strip_all_tags(wp_pre_kses_less_than($out), true);
    }

    // Loop so that overlapping sequences cannot leave a fresh octet behind.
    $hit = [];
    while (preg_match('/%[a-f0-9]{2}/i', $out, $hit)) {
        $out = str_replace($hit[0], '', $out);
    }

    return apply_filters('sanitize_text_field', $out, $str);
}
/**
 * Custom meta tag highlighter (earlier revision, inline styles).
 *
 * HTML-encodes the raw meta-tag markup for display, leaving quotes alone so
 * that `name="value"` pairs stay matchable, then wraps each pair and the
 * literal `itemscope` in styled spans and entity-encodes any lone `<`.
 *
 * @param string $metatags Raw meta-tag markup.
 * @return string Encoded, highlighted markup.
 */
function amt_metatag_highlighter($metatags) {
    // Encode special chars but keep quotes so the attribute regex below matches.
    $metatags = htmlspecialchars($metatags, ENT_NOQUOTES);

    // Collect every name="value" pair.
    preg_match_all('#([^\\s]+="[^"]+?)"#i', $metatags, $pairs);

    // A successful preg_match_all() always fills $pairs with an array, even
    // when nothing matched, so this guard covers only the failure case.
    if (!$pairs) {
        return $metatags;
    }

    // Wrap the attribute name and its value in separate spans.
    foreach ($pairs[0] as $pair) {
        $wrapped = preg_replace(
            '#^([^=]+)="(.+)"$#i',
            '<span style="font-weight:bold;color:black;">$1</span>="<span style="color:blue;">$2</span>"',
            $pair
        );
        $metatags = str_replace($pair, $wrapped, $metatags);
    }

    $metatags = str_replace('itemscope', '<span style="font-weight: bold; color: #B90746;">itemscope</span>', $metatags);

    // Lone '<' characters become entities.
    return wp_pre_kses_less_than($metatags);
}
/**
 * Custom meta tag highlighter (CSS-class revision).
 *
 * HTML-encodes the markup for display inside a pre box, then, unless the
 * 'amt_metadata_review_mode_enable_highlighter' filter returns false, wraps
 * attribute/value pairs, the literal `itemscope` and HTML comment delimiters
 * in classed spans and entity-encodes any lone `<`.
 *
 * @param string $metatags Raw meta-tag markup.
 * @return string Encoded (and, by default, highlighted) markup.
 */
function amt_metatag_highlighter($metatags) {
    // Encode special chars but keep quotes: the pre box needs the encoding and
    // the attribute regex below needs the quotes.
    $metatags = htmlspecialchars($metatags, ENT_NOQUOTES);

    $highlightEnabled = apply_filters('amt_metadata_review_mode_enable_highlighter', true);
    if (!$highlightEnabled) {
        return $metatags;
    }

    // Collect every name="value" pair.
    preg_match_all('#([^\\s]+="[^"]+?)"#i', $metatags, $pairs);
    if (!$pairs) {
        // A successful preg_match_all() always yields an array, so this only
        // guards the failure case, not "no pairs found".
        return $metatags;
    }

    // Wrap the attribute name and its value in separate spans.
    foreach ($pairs[0] as $pair) {
        $wrapped = preg_replace(
            '#^([^=]+)="(.+)"$#i',
            '<span class="amt-ht-attribute">$1</span>="<span class="amt-ht-value">$2</span>"',
            $pair
        );
        $metatags = str_replace($pair, $wrapped, $metatags);
    }

    $metatags = str_replace('itemscope', '<span class="amt-ht-itemscope">itemscope</span>', $metatags);

    // HTML comment delimiters. NOTE(review): after htmlspecialchars() above,
    // '<' and '>' are already entities, so the needles as shown here cannot
    // match; the source most likely uses the entity forms — confirm.
    $metatags = str_replace('<!--', '<span class="amt-ht-comment"><!--', $metatags);
    $metatags = str_replace('-->', '--></span>', $metatags);

    // Lone '<' characters become entities.
    return wp_pre_kses_less_than($metatags);
}
/**
 * Sanitises a custom post type permalink structure.
 *
 * Registers a settings error when a non-empty structure (by empty(), so
 * '0' counts as empty) contains neither %post_id% nor %postname%, then
 * rejects invalid UTF-8, strips tags or collapses whitespace, and finally
 * keeps only the characters [A-Za-z0-9/%_-].
 *
 * @param string $permalink The permalink structure.
 * @return string Sanitised permalink structure.
 */
public function sanitize_permalink($permalink) {
    // Warn (but still sanitise) when a non-empty structure has neither tag.
    if (!empty($permalink)) {
        $hasRequiredTag = preg_match('/%(post_id|postname)%/', $permalink);
        if (!$hasRequiredTag) {
            add_settings_error('permalink_structure', 10, __('Permalink structures must contain at least the <code>%post_id%</code> or <code>%postname%</code>.'));
        }
    }

    $clean = wp_check_invalid_utf8($permalink);
    if (strpos($clean, '<') === false) {
        $clean = trim(preg_replace('/[\\r\\n\\t ]+/', ' ', $clean));
    } else {
        // remove_breaks = true: tags and whitespace runs are both handled here.
        $clean = wp_strip_all_tags(wp_pre_kses_less_than($clean), true);
    }

    // Allow-list: every character outside [A-Za-z0-9/%_-] is dropped.
    return preg_replace('/[^a-zA-Z0-9\\/\\%_-]*/', '', $clean);
}
/**
 * Internal helper to sanitize a string from user input or the database.
 *
 * @since 4.7.0
 * @access private
 *
 * @param string $str           String to sanitize.
 * @param bool   $keep_newlines Optional. Whether to keep newlines. Default false.
 * @return string Sanitized string.
 */
function _sanitize_text_fields($str, $keep_newlines = false) {
    $out = wp_check_invalid_utf8($str);

    if (strpos($out, '<') !== false) {
        $out = wp_pre_kses_less_than($out);
        // remove_breaks stays false so $keep_newlines can be honoured below.
        $out = wp_strip_all_tags($out, false);
        // Special case: entity-encode a '<' that sits right before a newline so
        // that the newline stripping below can never splice a working tag back
        // together. NOTE(review): as shown here, search and replacement are the
        // same bytes, which makes this call a no-op; in WordPress core the
        // replacement is the "&lt;" entity form — confirm this copy was not
        // entity-decoded.
        $out = str_replace("<\n", "<\n", $out);
    }

    if (!$keep_newlines) {
        $out = preg_replace('/[\\r\\n\\t ]+/', ' ', $out);
    }
    $out = trim($out);

    // Loop so that overlapping sequences cannot leave a fresh octet behind.
    $octetsRemoved = false;
    while (preg_match('/%[a-f0-9]{2}/i', $out, $hit)) {
        $out = str_replace($hit[0], '', $out);
        $octetsRemoved = true;
    }

    if ($octetsRemoved) {
        // Octet removal can leave double spaces behind; collapse and trim.
        $out = trim(preg_replace('/ +/', ' ', $out));
    }

    return $out;
}
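/**
 * Sanitizes text by balancing its tags and filtering it with wp_kses_post().
 *
 * NOTE(review): the previous revision first built a tag-stripped,
 * whitespace-collapsed copy of $input (the sanitize_text_field() pipeline)
 * and then returned wp_kses_post(force_balance_tags($input)) on the raw
 * input, discarding that copy. That dead pipeline is removed here; the
 * returned value is unchanged. Whether kses on the raw input is the
 * intended contract, or the stripped copy should have been returned, has
 * to be confirmed against the callers.
 *
 * @param string $input Raw input.
 * @return string Input with tags balanced and filtered by wp_kses_post().
 */
function social_sanitize_text($input) {
    return wp_kses_post(force_balance_tags($input));
}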