本文整理汇总了PHP中wp_kses_normalize_entities函数的典型用法代码示例。如果您正苦于以下问题:PHP wp_kses_normalize_entities函数的具体用法?PHP wp_kses_normalize_entities怎么用?PHP wp_kses_normalize_entities使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了wp_kses_normalize_entities函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的PHP代码示例。
示例1: ksesXML
/**
 * Sanitises a fragment of XML code.
 *
 * The input goes through three kses pre-filters (wp_kses_no_null(),
 * wp_kses_js_entities(), wp_kses_normalize_entities()) and every tag-like
 * run in the result is then handed to self::kses_split().
 *
 * @since 1.4
 *
 * @param string $xml Raw XML fragment to clean.
 * @return string The fragment with each matched run replaced by what kses_split() returns.
 */
public static function ksesXML($xml)
{
    // The pre-filters run before the tag scan, so the pattern below only sees cleaned text.
    $cleaned = wp_kses_normalize_entities(
        wp_kses_js_entities(
            wp_kses_no_null($xml)
        )
    );

    // Matches a complete tag, an unterminated "<..." that runs to end of input, or a stray ">".
    $tagPattern = '%(<[^>]*(>|$)|>)%';

    return preg_replace_callback($tagPattern, array('self', 'kses_split'), $cleaned);
}
开发者ID:MarkSpencerTan,项目名称:webdev,代码行数:15,代码来源:sitetree-utilities.class.php
示例2: wp_kses
/**
 * Filters a string so that only allowed HTML elements, attributes and link protocols remain.
 *
 * @param string $string            Content to filter.
 * @param array  $allowed_html      Allowed elements and attributes; normalised with wp_kses_array_lc() before use.
 * @param array  $allowed_protocols Protocols permitted in links. 'javascript' is not in the default list.
 * @return string Whatever wp_kses_split() returns for the pre-filtered content.
 */
function wp_kses($string, $allowed_html, $allowed_protocols = array('http', 'https', 'ftp', 'news', 'nntp', 'telnet', 'feed', 'gopher', 'mailto'))
{
    // Pre-filter chain, innermost call first: NULs, JS entities, entity normalisation, then the hook.
    $prefiltered = wp_kses_hook(
        wp_kses_normalize_entities(
            wp_kses_js_entities(
                wp_kses_no_null($string)
            )
        )
    );

    $allowed_html_fixed = wp_kses_array_lc($allowed_html);

    return wp_kses_split($prefiltered, $allowed_html_fixed, $allowed_protocols);
}
开发者ID:robertlange81,项目名称:Website,代码行数:9,代码来源:kses.php
示例3: wp_kses
/**
 * Filters content and keeps only allowable HTML elements.
 *
 * Only the allowed element names, attribute names and attribute values, plus
 * well-formed HTML entities, are meant to survive in the returned string.
 * Callers must strip magic-quote slashes before calling.
 *
 * The default allowed protocols are 'http', 'https', 'ftp', 'ftps', 'mailto',
 * 'news', 'irc', 'gopher', 'nntp', 'feed' and 'telnet'. 'javascript' is left
 * out on purpose and should not be allowed for untrusted users.
 *
 * @since 1.0.0
 *
 * @param string $string            Content to filter through kses.
 * @param array  $allowed_html      List of allowed HTML elements.
 * @param array  $allowed_protocols Optional. Allowed protocols in links.
 * @return string Filtered content with only allowed HTML elements.
 */
function wp_kses($string, $allowed_html, $allowed_protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet'))
{
    $prefiltered = wp_kses_normalize_entities(
        wp_kses_js_entities(
            wp_kses_no_null($string)
        )
    );

    $allowed_html_fixed = wp_kses_array_lc($allowed_html);

    // In this variant the hook runs after the allow-list is normalised and receives
    // the allow-list and protocols as extra arguments (WP changed the call order).
    $hooked = wp_kses_hook($prefiltered, $allowed_html_fixed, $allowed_protocols);

    return wp_kses_split($hooked, $allowed_html_fixed, $allowed_protocols);
}
开发者ID:bi0xid,项目名称:bach,代码行数:30,代码来源:functions.kses.php
示例4: wp_kses
/**
 * Filters content and keeps only allowable HTML elements.
 *
 * Only the allowed element names, attribute names and attribute values, plus
 * well-formed HTML entities, are meant to survive in the returned string.
 * Callers must strip magic-quote slashes before calling.
 *
 * When no protocol list is passed, the global $allowedprotocols is used; its
 * contents are defined outside this function. 'javascript' should not be
 * allowed for untrusted users.
 *
 * This variant does not call wp_kses_hook(), so no hook step runs here.
 *
 * @since 1.0.0
 *
 * @param string $string            Content to filter through kses.
 * @param array  $allowed_html      List of allowed HTML elements.
 * @param array  $allowed_protocols Optional. Allowed protocols in links.
 * @return string Filtered content with only allowed HTML elements.
 */
function wp_kses($string, $allowed_html, $allowed_protocols = array())
{
    global $allowedprotocols;

    // An empty list means "use the site-wide default", not "allow nothing".
    $protocols = empty($allowed_protocols) ? $allowedprotocols : $allowed_protocols;

    $prefiltered = wp_kses_normalize_entities(
        wp_kses_js_entities(
            wp_kses_no_null($string)
        )
    );

    return wp_kses_split($prefiltered, $allowed_html, $protocols);
}
开发者ID:VTAMAGNO,项目名称:gpEasy-CMS,代码行数:31,代码来源:kses.php
示例5: wp_kses
###############################################################################
# Makes sure that only the allowed HTML element names, attribute names and
# attribute values, plus well-formed HTML entities, occur in $string.
# Strip any slashes added by PHP's magic quotes before calling this function.
# 'javascript' is not among the default protocols.
###############################################################################
function wp_kses($string, $allowed_html, $allowed_protocols = array('http', 'https', 'ftp', 'news', 'nntp', 'telnet', 'feed', 'gopher', 'mailto'))
{
    # Pre-filters, in the order they must run.
    $content = wp_kses_no_null($string);
    $content = wp_kses_js_entities($content);
    $content = wp_kses_normalize_entities($content);
    $content = wp_kses_hook($content);

    # Allow-list normalised by wp_kses_array_lc() before the tag scan.
    $allowed_html_fixed = wp_kses_array_lc($allowed_html);

    return wp_kses_split($content, $allowed_html_fixed, $allowed_protocols);
} # function wp_kses
开发者ID:staylor,项目名称:develop.svn.wordpress.org,代码行数:15,代码来源:kses.php
示例6: nextgen_esc_url
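/**
 * Checks and cleans a URL, then applies the 'clean_url' filter.
 *
 * Characters outside an allow-list are removed, encoded CR/LF sequences are
 * stripped, a missing scheme is filled in with http://, and the scheme is
 * checked with wp_kses_bad_protocol(). In the 'display' context the result is
 * additionally entity-encoded for output.
 *
 * @param string     $url       The URL to be cleaned.
 * @param array|null $protocols Optional. Acceptable protocols; wp_allowed_protocols() when not an array.
 * @param string     $_context  'display' (default) adds the output encoding step.
 * @return string The cleaned URL after the 'clean_url' filter, or '' when the
 *                URL is empty after cleaning or its protocol is rejected.
 */
function nextgen_esc_url($url, $protocols = null, $_context = 'display')
{
    $original_url = $url;
    if ('' == $url) {
        return $url;
    }

    // Remove every byte that is not on the URL character allow-list.
    $url = preg_replace('|[^a-z0-9 \\-~+_.?#=!&;,/:%@$\\|*\'()\\x80-\\xff]|i', '', $url);

    // Strip percent-encoded CR/LF so the value cannot carry a line break.
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $url = _deep_replace($strip, $url);
    $url = str_replace(';//', '://', $url);

    // The stripping above can consume the whole value (or preg_replace() can fail);
    // stop here instead of reading $url[0] on an empty or null string below.
    if (null === $url || '' === $url) {
        return '';
    }

    /* If the URL doesn't appear to contain a scheme, we
     * presume it needs http:// prepended (unless a relative
     * link starting with /, # or ? or a php file).
     */
    if (strpos($url, ':') === false && !in_array($url[0], array('/', '#', '?')) && !preg_match('/^[a-z0-9-]+?\\.php/i', $url)) {
        $url = 'http://' . $url;
    }

    // Replace ampersands and single quotes only when displaying.
    if ('display' == $_context) {
        $url = wp_kses_normalize_entities($url);
        // The search/replace strings are the entity text itself: "&amp;" becomes the
        // numeric form "&#038;", and a bare apostrophe becomes "&#039;".
        $url = str_replace('&amp;', '&#038;', $url);
        $url = str_replace("'", '&#039;', $url);
        $url = str_replace('%', '%25', $url);
        $url = str_replace(' ', '%20', $url);
    }

    if ('/' === $url[0]) {
        // Root-relative URL: no scheme to validate.
        $good_protocol_url = $url;
    } else {
        if (!is_array($protocols)) {
            $protocols = wp_allowed_protocols();
        }
        $good_protocol_url = wp_kses_bad_protocol($url, $protocols);
        // Any rewrite by the protocol filter means the scheme was not allowed: reject outright.
        if (strtolower($good_protocol_url) != strtolower($url)) {
            return '';
        }
    }

    return apply_filters('clean_url', $good_protocol_url, $original_url, $_context);
}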
开发者ID:patrickmetzger,项目名称:adthrive-touch,代码行数:38,代码来源:nggallery.php
示例7: processShortcodePreformattedText
/**
 * Renders the preformatted-text shortcode as a toggle link, a <pre> block and an inline init script.
 *
 * Returns null when PBValidation reports the content as empty or reports that
 * the 'open_default' attribute is not a boolean value.
 *
 * @param array  $attribute Shortcode attributes; passed through $this->processAttribute() first.
 * @param string $content   Text placed inside the <pre> element.
 * @param string $tag       Shortcode tag, forwarded to processAttribute().
 * @return string|null Markup returned by PBHelper::formatHTML(), or null when validation fails.
 */
function processShortcodePreformattedText($attribute, $content, $tag)
{
$attribute = $this->processAttribute($tag, $attribute);
$html = null;
$Validation = new PBValidation();
if ($Validation->isEmpty($content)) {
return $html;
}
if (!$Validation->isBool($attribute['open_default'])) {
return $html;
}
$class = array('pb-preformatted-text');
if ($attribute['open_default'] == 1) {
array_push($class, 'pb-preformatted-text-visible');
}
// NOTE(review): css_class is appended as-is; whether PBHelper::createClassAttribute()
// escapes it for an HTML attribute is not visible here. Confirm.
array_push($class, $attribute['css_class']);
$id = PBHelper::createId('pb_preformatted_text');
// htmlspecialchars() escapes the content before it is placed in the <pre> element.
// NOTE(review): as shown, the bracket replacements map '[' and ']' to themselves, which
// is a no-op; presumably the original replaced them with numeric entities. Confirm against upstream.
$content = nl2br(trim(preg_replace(array('/\\[/', '/\\]/'), array('[', ']'), htmlspecialchars($content))));
// The two labels go through esc_html(); $content (already escaped above) additionally
// goes through wp_kses_normalize_entities(). $id is written into both an id attribute
// and the inline script without further escaping here.
$html = '
<div id="' . $id . '"' . PBHelper::createClassAttribute($class) . '>
<a href="#">
<span class="pb-preformatted-text-label-open">' . esc_html($attribute['label_open']) . '</span>
<span class="pb-preformatted-text-label-close">' . esc_html($attribute['label_close']) . '</span>
</a>
<pre>' . wp_kses_normalize_entities($content) . '</pre>
</div>
<div class="pb-script-tag">
<script type="text/javascript">
jQuery(document).ready(function($)
{
$("#' . $id . '").PBPreformattedText();
});
</script>
</div>
';
return PBHelper::formatHTML($html);
}
开发者ID:phanhoanglong2610,项目名称:anc_gvn,代码行数:37,代码来源:PB.Component.PreformattedText.class.php
示例8: geodir_ajax_import_export
//.........这里部分代码省略.........
$valid = true;
if ($post_title == '' || !in_array($post_type, $post_types)) {
$invalid++;
$valid = false;
}
$location_allowed = function_exists('geodir_cpt_no_location') && geodir_cpt_no_location($post_type) ? false : true;
if ($location_allowed) {
$location_result = geodir_get_default_location();
if ($post_address == '' || $post_city == '' || $post_region == '' || $post_country == '' || $post_latitude == '' || $post_longitude == '') {
$invalid_addr++;
$valid = false;
} else {
if (!empty($location_result) && $location_result->location_id == 0) {
if (strtolower($post_city) != strtolower($location_result->city) || strtolower($post_region) != strtolower($location_result->region) || strtolower($post_country) != strtolower($location_result->country)) {
$invalid_addr++;
$valid = false;
} else {
if (!function_exists('geodir_location_plugin_activated')) {
$gd_post['post_locations'] = '[' . $location_result->city_slug . '],[' . $location_result->region_slug . '],[' . $location_result->country_slug . ']';
// Set the default location when location manager not activated.
}
}
}
}
}
if (!$valid) {
continue;
}
$cat_taxonomy = $post_type . 'category';
$tags_taxonomy = $post_type . '_tags';
$post_category = array();
if (!empty($post_category_arr)) {
foreach ($post_category_arr as $value) {
$category_name = wp_kses_normalize_entities(trim($value));
if ($category_name != '') {
$term_category = array();
if ($term = get_term_by('name', $category_name, $cat_taxonomy)) {
$term_category = $term;
} else {
if ($term = get_term_by('slug', $category_name, $cat_taxonomy)) {
$term_category = $term;
} else {
$term_data = array();
$term_data['name'] = $category_name;
$term_data = array_map('utf8_encode', $term_data);
$term_data['taxonomy'] = $cat_taxonomy;
$term_id = geodir_imex_insert_term($cat_taxonomy, $term_data);
if ($term_id) {
$term_category = get_term($term_id, $cat_taxonomy);
}
}
}
if (!empty($term_category) && !is_wp_error($term_category)) {
//$post_category[] = $term_category->slug;
$post_category[] = intval($term_category->term_id);
}
}
}
}
$save_post = array();
$save_post['post_title'] = $post_title;
$save_post['post_content'] = $post_content;
$save_post['post_type'] = $post_type;
$save_post['post_author'] = $post_author;
$save_post['post_status'] = $post_status;
$save_post['post_category'] = $post_category;
开发者ID:jefferose,项目名称:geodirectory,代码行数:67,代码来源:admin_functions.php
示例9: appthemes_add_login_post_context
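/**
 * Adds a 'login_post' context that changes the URL scheme and escapes the URL for display.
 *
 * The three parameters match what the 'clean_url' filter passes; any other
 * context returns the URL untouched.
 *
 * @param string $url          URL as cleaned so far.
 * @param string $original_url URL before cleaning (unused here).
 * @param string $context      Escaping context.
 *
 * @return string The URL, entity-encoded for output when the context is 'login_post'.
 */
function appthemes_add_login_post_context($url, $original_url, $context)
{
    // Strict comparison: a loosely-compared non-string context (e.g. 0 on PHP 7)
    // must not be treated as 'login_post'.
    if ('login_post' !== $context) {
        return $url;
    }

    $url = set_url_scheme($url, $context);
    $url = wp_kses_normalize_entities($url);
    // The search/replace strings are the entity text itself: "&amp;" becomes the
    // numeric form "&#038;", and a bare apostrophe becomes "&#039;".
    $url = str_replace('&amp;', '&#038;', $url);
    $url = str_replace("'", '&#039;', $url);

    return $url;
}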
开发者ID:TopLineMediaTeam,项目名称:horseshow,代码行数:19,代码来源:views-login.php
示例10: html_out
/**
 * Normalises the HTML entities in a value before output.
 *
 * Caveat: wp_kses_normalize_entities() only repairs ampersands and entities.
 * It does not escape angle brackets or quotes, so the result still needs
 * context-appropriate escaping before untrusted text goes into markup.
 *
 * @param mixed $value Value to normalise. Any falsy value (0, '', '0', null) yields null.
 * @return string|null Normalised string, or null for a falsy input.
 */
public function html_out($value = 0)
{
    if (!$value) {
        return null;
    }

    return wp_kses_normalize_entities($value);
}
开发者ID:Ashleyotero,项目名称:oldest-old,代码行数:6,代码来源:class.dbprepere.php
示例11: esc_url
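/**
 * Checks and cleans a URL.
 *
 * A number of characters are removed from the URL. If the URL is for displaying
 * (the default behaviour) ampersands and single quotes are also replaced with
 * numeric entities. The 'clean_url' filter is applied to the returned cleaned URL.
 *
 * @since 2.8.0
 * @uses wp_kses_bad_protocol() To only permit protocols in the URL set
 *		via $protocols or the common ones set in the function.
 *
 * @param string $url       The URL to be cleaned.
 * @param array  $protocols Optional. An array of acceptable protocols.
 *		Defaults to the list returned by wp_allowed_protocols() if not set.
 * @param string $_context  Private. Use esc_url_raw() for database usage.
 * @return string The cleaned $url after the 'clean_url' filter is applied, or ''
 *		when the URL is empty after cleaning or its protocol is rejected.
 */
function esc_url( $url, $protocols = null, $_context = 'display' ) {
	$original_url = $url;

	if ( '' == $url ) {
		return $url;
	}

	// Remove every byte that is not on the URL character allow-list.
	$url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);

	// Strip percent-encoded CR/LF so the value cannot carry a line break.
	$strip = array('%0d', '%0a', '%0D', '%0A');
	$url = _deep_replace($strip, $url);
	$url = str_replace(';//', '://', $url);

	// The stripping above can consume the whole value (or preg_replace() can fail);
	// stop here instead of reading $url[0] on an empty or null string below.
	if ( null === $url || '' === $url ) {
		return '';
	}

	/* If the URL doesn't appear to contain a scheme, we
	 * presume it needs http:// prepended (unless a relative
	 * link starting with /, # or ? or a php file).
	 */
	if ( strpos($url, ':') === false && ! in_array( $url[0], array( '/', '#', '?' ) ) &&
		! preg_match('/^[a-z0-9-]+?\.php/i', $url) ) {
		$url = 'http://' . $url;
	}

	// Replace ampersands and single quotes only when displaying.
	if ( 'display' == $_context ) {
		$url = wp_kses_normalize_entities( $url );
		// The search/replace strings are the entity text itself: "&amp;" becomes the
		// numeric form "&#038;", and a bare apostrophe becomes "&#039;".
		$url = str_replace( '&amp;', '&#038;', $url );
		$url = str_replace( "'", '&#039;', $url );
	}

	if ( '/' === $url[0] ) {
		// Root-relative URL: no scheme to validate.
		$good_protocol_url = $url;
	} else {
		if ( ! is_array( $protocols ) ) {
			$protocols = wp_allowed_protocols();
		}
		$good_protocol_url = wp_kses_bad_protocol( $url, $protocols );
		// Any rewrite by the protocol filter means the scheme was not allowed: reject outright.
		if ( strtolower( $good_protocol_url ) != strtolower( $url ) ) {
			return '';
		}
	}

	/**
	 * Filter a string cleaned and escaped for output as a URL.
	 *
	 * @since 2.3.0
	 *
	 * @param string $good_protocol_url The cleaned URL to be returned.
	 * @param string $original_url      The URL prior to cleaning.
	 * @param string $_context          If 'display', replace ampersands and single quotes only.
	 */
	return apply_filters( 'clean_url', $good_protocol_url, $original_url, $_context );
}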
开发者ID:staylor,项目名称:develop.svn.wordpress.org,代码行数:62,代码来源:formatting.php
示例12: bp_xprofile_bp_user_query_search
/**
 * When search_terms are passed to BP_User_Query, search against xprofile fields.
 *
 * The xprofile match is OR-ed with the search clause already in $sql. Entity
 * normalisation here is not SQL escaping: the LIKE operands are bound through
 * $wpdb->prepare() with %s, and bp_esc_like() is applied so wildcard
 * characters in the user's term are not treated as wildcards. The column and
 * table names are interpolated from object properties, not from the term.
 *
 * @since BuddyPress (2.0.0)
 *
 * @param array         $sql   Clauses in the user_id SQL query.
 * @param BP_User_Query $query User query object.
 * @return array The clauses, with ['where']['search'] widened when a search term is present.
 */
function bp_xprofile_bp_user_query_search($sql, BP_User_Query $query)
{
    global $wpdb;

    // Nothing to extend unless there is both a term and an existing search clause.
    if (empty($query->query_vars['search_terms'])) {
        return $sql;
    }
    if (empty($sql['where']['search'])) {
        return $sql;
    }

    $bp = buddypress();
    $term = bp_esc_like(wp_kses_normalize_entities($query->query_vars['search_terms']));

    // Default: wildcard on both sides; both patterns are the same in that case.
    $like_plain = '%' . $term . '%';
    $like_spaced = '%' . $term . '%';

    if ('left' === $query->query_vars['search_wildcard']) {
        $like_plain = '%' . $term;
        $like_spaced = '%' . $term . ' %';
    } elseif ('right' === $query->query_vars['search_wildcard']) {
        $like_plain = $term . '%';
        $like_spaced = '% ' . $term . '%';
    }

    // Combine the core search (against wp_users) into a single OR clause
    // with the xprofile_data search.
    $xprofile_clause = $wpdb->prepare("u.{$query->uid_name} IN ( SELECT user_id FROM {$bp->profile->table_name_data} WHERE value LIKE %s OR value LIKE %s )", $like_plain, $like_spaced);
    $core_clause = $sql['where']['search'];

    $sql['where']['search'] = "( {$xprofile_clause} OR {$core_clause} )";

    return $sql;
}
开发者ID:kosir,项目名称:thatcamp-org,代码行数:34,代码来源:bp-xprofile-functions.php
示例13: test_wp_kses_bad_protocol
/**
 * Exercises wp_kses_bad_protocol() with inputs that must be rejected or rewritten ($bad)
 * and inputs that must pass unchanged ($safe); each input is first run through
 * wp_kses_normalize_entities().
 *
 * NOTE(review): several $bad entries are byte-identical as shown, one contains unescaped
 * single quotes, and two are split across lines. The listing appears to have had its HTML
 * entities decoded when the page was rendered, so the arrays below are presumably not the
 * upstream fixture, and the numeric case labels in the switch may not line up with the
 * entries as printed. Confirm against the upstream test file before reusing.
 */
function test_wp_kses_bad_protocol() {
$bad = array(
'dummy:alert(1)',
'javascript:alert(1)',
'JaVaScRiPt:alert(1)',
'javascript:alert(1);',
'javascript:alert(1);',
'javascript:alert(1);',
'javascript:alert(1);',
'javascript:alert(1);',
'javascript:alert(1);',
'javascript:alert(1);',
'javascript:alert(1);',
'javascript:alert(1);',
'javascript:alert('XSS')',
'jav ascript:alert(1);',
'jav	ascript:alert(1);',
'jav
ascript:alert(1);',
'jav
ascript:alert(1);',
'  javascript:alert(1);',
'javascript:javascript:alert(1);',
'javascript:javascript:alert(1);',
'javascript:javascript:alert(1);',
'javascript:javascript:alert(1);',
'javascript:javascript:alert(1);',
'javascript:alert(1)//?:',
'feed:javascript:alert(1)',
'feed:javascript:feed:javascript:feed:javascript:alert(1)',
);
// The protocol filter is checked against the default allow-list from wp_allowed_protocols().
foreach ( $bad as $k => $x ) {
$result = wp_kses_bad_protocol( wp_kses_normalize_entities( $x ), wp_allowed_protocols() );
// An empty result, or one reduced to the bare call text, counts as a pass; anything
// else must match one of the index-specific expectations below or the test fails.
if ( ! empty( $result ) && $result != 'alert(1);' && $result != 'alert(1)' ) {
switch ( $k ) {
case 6: $this->assertEquals( 'javascript&#0000058alert(1);', $result ); break;
case 12:
// NOTE(review): as shown this str_replace() maps '&' to itself (a no-op); presumably
// one side was an entity string in the original. Confirm.
$this->assertEquals( str_replace( '&', '&', $x ), $result );
break;
case 22: $this->assertEquals( 'javascript&#0000058alert(1);', $result ); break;
case 23: $this->assertEquals( 'javascript&#0000058alert(1)//?:', $result ); break;
case 24: $this->assertEquals( 'feed:alert(1)', $result ); break;
default: $this->fail( "wp_kses_bad_protocol failed on $x. Result: $result" );
}
}
}
$safe = array(
'dummy:alert(1)',
'HTTP://example.org/',
'http://example.org/',
'http://example.org/',
'http://example.org/',
'https://example.org',
'http://example.org/wp-admin/post.php?post=2&action=edit',
'http://example.org/index.php?test='blah'',
);
// Here the allow-list is passed explicitly and includes 'dummy', so the first entry must survive.
foreach ( $safe as $x ) {
$result = wp_kses_bad_protocol( wp_kses_normalize_entities( $x ), array( 'http', 'https', 'dummy' ) );
if ( $result != $x && $result != 'http://example.org/' )
$this->fail( "wp_kses_bad_protocol incorrectly blocked $x" );
}
}
开发者ID:staylor,项目名称:develop.svn.wordpress.org,代码行数:61,代码来源:kses.php
示例14: wp_kses
/**
 * Filters content and keeps only allowable HTML elements.
 *
 * Only the allowed element names, attribute names and attribute values, plus
 * well-formed HTML entities, are meant to survive in the returned string.
 * Callers must strip magic-quote slashes before calling.
 *
 * When no protocol list is passed, wp_allowed_protocols() supplies it.
 * 'javascript' should not be allowed for untrusted users.
 *
 * @since 1.0.0
 *
 * @param string $string            Content to filter through kses.
 * @param array  $allowed_html      List of allowed HTML elements.
 * @param array  $allowed_protocols Optional. Allowed protocols in links.
 * @return string Filtered content with only allowed HTML elements.
 */
function wp_kses($string, $allowed_html, $allowed_protocols = array())
{
    // An empty list means "use the default allow-list", not "allow nothing".
    $protocols = empty($allowed_protocols) ? wp_allowed_protocols() : $allowed_protocols;

    $prefiltered = wp_kses_normalize_entities(
        wp_kses_js_entities(
            wp_kses_no_null($string, array('slash_zero' => 'keep'))
        )
    );

    // WP changed the order of these calls and added arguments to wp_kses_hook().
    $hooked = wp_kses_hook($prefiltered, $allowed_html, $protocols);

    return wp_kses_split($hooked, $allowed_html, $protocols);
}
开发者ID:zoran180,项目名称:wp_szf,代码行数:32,代码来源:kses.php
示例15: prepare_user_ids_query
//.........这里部分代码省略.........
// blank.
break;
}
/* WHERE *************************************************************/
// 'include' - User ids to include in the results.
$include = false !== $include ? wp_parse_id_list($include) : array();
$include_ids = $this->get_include_ids($include);
if (!empty($include_ids)) {
$include_ids = implode(',', wp_parse_id_list($include_ids));
$sql['where'][] = "u.{$this->uid_name} IN ({$include_ids})";
}
// 'exclude' - User ids to exclude from the results.
if (false !== $exclude) {
$exclude_ids = implode(',', wp_parse_id_list($exclude));
$sql['where'][] = "u.{$this->uid_name} NOT IN ({$exclude_ids})";
}
// 'user_id' - When a user id is passed, limit to the friends of the user
// @todo remove need for bp_is_active() check.
if (!empty($user_id) && bp_is_active('friends')) {
$friend_ids = friends_get_friend_user_ids($user_id);
$friend_ids = implode(',', wp_parse_id_list($friend_ids));
if (!empty($friend_ids)) {
$sql['where'][] = "u.{$this->uid_name} IN ({$friend_ids})";
// If the user has no friends, the query should always
// return no users.
} else {
$sql['where'][] = $this->no_results['where'];
}
}
/* Search Terms ******************************************************/
// 'search_terms' searches user_login and user_nicename
// xprofile field matches happen in bp_xprofile_bp_user_query_search().
if (false !== $search_terms) {
$search_terms = bp_esc_like(wp_kses_normalize_entities($search_terms));
if ($search_wildcard === 'left') {
$search_terms_nospace = '%' . $search_terms;
$search_terms_space = '%' . $search_terms . ' %';
} elseif ($search_wildcard === 'right') {
$search_terms_nospace = $search_terms . '%';
$search_terms_space = '% ' . $search_terms . '%';
} else {
$search_terms_nospace = '%' . $search_terms . '%';
$search_terms_space = '%' . $search_terms . '%';
}
$sql['where']['search'] = $wpdb->prepare("u.{$this->uid_name} IN ( SELECT ID FROM {$wpdb->users} WHERE ( user_login LIKE %s OR user_login LIKE %s OR user_nicename LIKE %s OR user_nicename LIKE %s ) )", $search_terms_nospace, $search_terms_space, $search_terms_nospace, $search_terms_space);
}
// Only use $member_type__in if $member_type is not set.
if (empty($member_type) && !empty($member_type__in)) {
$member_type = $member_type__in;
}
// Member types to exclude. Note that this takes precedence over inclusions.
if (!empty($member_type__not_in)) {
$member_type_clause = $this->get_sql_clause_for_member_types($member_type__not_in, 'NOT IN');
// Member types to include.
} elseif (!empty($member_type)) {
$member_type_clause = $this->get_sql_clause_for_member_types($member_type, 'IN');
}
if (!empty($member_type_clause)) {
$sql['where']['member_type'] = $member_type_clause;
}
// 'meta_key', 'meta_value' allow usermeta search
// To avoid global joins, do a separate query.
if (false !== $meta_key) {
$meta_sql = $wpdb->prepare("SELECT user_id FROM {$wpdb->usermeta} WHERE meta_key = %s", $meta_key);
if (false !== $meta_value) {
$meta_sql .= $wpdb->prepare(" AND meta_value = %s", $meta_value);
开发者ID:igniterealtime,项目名称:community-plugins,代码行数:67,代码来源:class-bp-user-query.php
示例16: wp_kses
/**
 * Runs the three kses pre-filters and hands the result to VaultPress_kses::wp_kses_split().
 *
 * Unlike the core variants, an empty $allowed_protocols is passed through unchanged;
 * no default list is substituted in this function.
 *
 * @param string $string            Content to filter.
 * @param array  $allowed_html      Allowed elements and attributes.
 * @param array  $allowed_protocols Optional. Allowed protocols in links.
 * @return string Whatever VaultPress_kses::wp_kses_split() returns.
 */
static function wp_kses($string, $allowed_html, $allowed_protocols = array())
{
    $prefiltered = wp_kses_normalize_entities(
        wp_kses_js_entities(
            wp_kses_no_null($string)
        )
    );

    return VaultPress_kses::wp_kses_split($prefiltered, $allowed_html, $allowed_protocols);
}
开发者ID:roblarsen,项目名称:jquery-wp-content,代码行数:7,代码来源:class.vaultpress-hotfixes.php
示例17: wp_kses_one_attr
/**
 * Filters one attribute only and ensures its value is allowed.
 *
 * The attribute is pre-filtered, split into name and value, re-quoted, escaped
 * with htmlspecialchars(), protocol-checked when the name is a URI-bearing
 * attribute, and finally checked by name with wp_kses_attr_check() against the
 * 'post' allow-list. Leading and trailing whitespace is preserved.
 *
 * @since 4.2.3
 *
 * @param string $string  The 'whole' attribute, including name and value.
 * @param string $element The element name to which the attribute belongs.
 * @return string Filtered attribute, or '' when an opening quote has no matching closing quote.
 */
function wp_kses_one_attr($string, $element)
{
    // Attribute names whose values are URIs and therefore need a protocol check.
    $uri_attributes = array('xmlns', 'profile', 'href', 'src', 'cite', 'classid', 'codebase', 'data', 'usemap', 'longdesc', 'action');
    $allowed_html = wp_kses_allowed_html('post');
    $allowed_protocols = wp_allowed_protocols();

    $string = wp_kses_no_null($string, array('slash_zero' => 'keep'));
    $string = wp_kses_js_entities($string);
    $string = wp_kses_normalize_entities($string);

    // Preserve leading and trailing whitespace.
    $found = array();
    preg_match('/^\\s*/', $string, $found);
    $lead = $found[0];
    preg_match('/\\s*$/', $string, $found);
    $trail = $found[0];
    $string = empty($trail)
        ? substr($string, strlen($lead))
        : substr($string, strlen($lead), -strlen($trail));

    // Parse attribute name and value from input.
    $parts = preg_split('/\\s*=\\s*/', $string, 2);
    $name = $parts[0];

    if (2 != count($parts)) {
        // Value-less attribute: $string is left as parsed.
        $value = '';
        $vless = 'y';
    } else {
        $value = $parts[1];

        // Remove quotes surrounding $value.
        // Also guarantee correct quoting in $string for this one attribute.
        $quote = ('' == $value) ? '' : $value[0];
        if (in_array($quote, array('"', "'"), true)) {
            // An opening quote without the same closing quote is rejected outright.
            if (substr($value, -1) != $quote) {
                return '';
            }
            $value = substr($value, 1, -1);
        } else {
            $quote = '"';
        }

        // Sanitize quotes and angle braces.
        $value = htmlspecialchars($value, ENT_QUOTES, null, false);

        // Sanitize URI values.
        if (in_array(strtolower($name), $uri_attributes)) {
            $value = wp_kses_bad_protocol($value, $allowed_protocols);
        }

        $string = "{$name}={$quote}{$value}{$quote}";
        $vless = 'n';
    }

    // Sanitize attribute by name. The return value is not used here.
    wp_kses_attr_check($name, $value, $string, $vless, $element, $allowed_html);

    // Restore whitespace.
    return $lead . $string . $trail;
}
开发者ID:CrankMaster336,项目名称:FFW-TR,代码行数:68,代码来源:kses.php
示例18: geodir_ajax_import_csv
//.........这里部分代码省略.........
$rowcount = 0;
$address_invalid = 0;
$blank_address = 0;
$upload_files = 0;
$invalid_post_type = 0;
$invalid_title = 0;
$customKeyarray = array();
$gd_post_info = array();
$post_location = array();
$countpost = 0;
if (!empty($file)) {
$columns = isset($file[0]) ? geodir_str_getcsv($file[0]) : NULL;
$customKeyarray = $columns;
if (empty($columns) || !empty($columns) && $columns[0] == '') {
$return['error'] = CSV_INVAILD_FILE;
echo json_encode($return);
exit;
}
for ($i = 1; $i <= $importlimit; $i++) {
$current_index = $tmpCnt + $i;
if (isset($file[$current_index])) {
$total_records++;
$buffer = geodir_str_getcsv($file[$current_index]);
$post_title = addslashes($buffer[0]);
$current_post_author = $buffer[1];
$post_desc = addslashes($buffer[2]);
$post_cat = array();
$catids_arr = array();
$post_cat = trim($buffer[3]);
// comma seperated category name
if ($post_cat) {
$post_cat_arr = explode(',', $post_cat);
for ($c = 0; $c < count($post_cat_arr); $c++) {
$catid = wp_kses_normalize_entities(trim($post_cat_arr[$c]));
if (!empty($buffer[5])) {
if (in_array($buffer[5], geodir_get_posttypes())) {
$p_taxonomy = geodir_get_taxonomies(addslashes($buffer[5]));
if (get_term_by('name', $catid, $p_taxonomy[0])) {
$cat = get_term_by('name', $catid, $p_taxonomy[0]);
$catids_arr[] = $cat->slug;
} else {
if (get_term_by('slug', $catid, $p_taxonomy[0])) {
$cat = get_term_by('slug', $catid, $p_taxonomy[0]);
$catids_arr[] = $cat->slug;
} else {
$ret = wp_insert_term($catid, $p_taxonomy[0]);
if ($ret && !is_wp_error($ret)) {
if (get_term_by('name', $catid, $p_taxonomy[0])) {
$cat = get_term_by('name', $catid, $p_taxonomy[0]);
$catids_arr[] = $cat->slug;
} elseif (get_term_by('slug', $catid, $p_taxonomy[0])) {
$cat = get_term_by('slug', $catid, $p_taxonomy[0]);
$catids_arr[] = $cat->slug;
}
}
}
}
}
}
}
}
if (!$catids_arr) {
$catids_arr[] = 1;
}
$post_tags = trim($buffer[4]);
// comma seperated tags
开发者ID:kkoppenhaver,项目名称:geodirectory,代码行数:67,代码来源:admin_hooks_actions.php
示例19: esc_url
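/**
 * Checks and cleans a URL. This function is from WordPress.
 *
 * A number of characters are removed from the URL. If the URL is for displaying
 * (the default behaviour) ampersands and single quotes are also replaced with
 * numeric entities. The 'clean_url' filter is applied to the returned cleaned URL.
 *
 * Unlike the core function, this copy does not prepend http:// to a scheme-less URL.
 *
 * @since 2.8.0
 * @uses wp_kses_bad_protocol() To only permit protocols in the URL set
 *		via $protocols or the common ones set in the function.
 *
 * @param string $url       The URL to be cleaned.
 * @param array  $protocols Optional. An array of acceptable protocols.
 *		Defaults to the list returned by wp_allowed_protocols() if not set.
 * @param string $_context  Private. Use esc_url_raw() for database usage.
 * @return string The cleaned $url after the 'clean_url' filter is applied, or ''
 *		when the protocol check rewrites the URL.
 */
public function esc_url($url, $protocols = null, $_context = 'display')
{
    $original_url = $url;

    // Remove every byte that is not on the URL character allow-list.
    $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\\|*\'()\\x80-\\xff]|i', '', $url);

    // Strip percent-encoded CR/LF so the value cannot carry a line break.
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $url = _deep_replace($strip, $url);
    $url = str_replace(';//', '://', $url);

    // Replace ampersands and single quotes only when displaying.
    if ('display' == $_context) {
        $url = wp_kses_normalize_entities($url);
        // The search/replace strings are the entity text itself: "&amp;" becomes the
        // numeric form "&#038;", and a bare apostrophe becomes "&#039;".
        $url = str_replace('&amp;', '&#038;', $url);
        $url = str_replace('\'', '&#039;', $url);
    }

    if (!empty($url[0]) && '/' === $url[0]) {
        // Root-relative URL: no scheme to validate.
        $good_protocol_url = $url;
    } else {
        if (!is_array($protocols)) {
            $protocols = wp_allowed_protocols();
        }
        $good_protocol_url = wp_kses_bad_protocol($url, $protocols);
        // Any rewrite by the protocol filter means the scheme was not allowed: reject outright.
        if (strtolower($good_protocol_url) != strtolower($url)) {
            return '';
        }
    }

    /**
     * Filter a string cleaned and escaped for output as a URL.
     *
     * @since 2.3.0
     *
     * @param string $good_protocol_url The cleaned URL to be returned.
     * @param string $original_url      The URL prior to cleaning.
     * @param string $_context          If 'display', replace ampersands and single quotes only.
     */
    return apply_filters('clean_url', $good_protocol_url, $original_url, $_context);
}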
开发者ID:kixortillan,项目名称:dfosashworks,代码行数:52,代码来源:package.module.router.php
示例20: normalize_entities
/**
 * HTML entity decoding for shortcode attributes and post meta values.
 *
 * Steps, in order:
 * - wp_kses_normalize_entities() turns invalid entities into valid ones
 * - ent2ncr() changes named entities to numeric ones
 * - wp_kses_decode_entities() decodes them to their normal characters
 * - trim() removes any surrounding whitespace
 *
 * The return value is decoded text, not escaped text: escape it again for the
 * target context before writing it into HTML.
 *
 * @param string $string Arbitrary string
 *
 * @return string
 */
protected function normalize_entities($string)
{
    $valid = wp_kses_normalize_entities($string);
    $numeric = ent2ncr($valid);
    $decoded = wp_kses_decode_entities($numeric);

    return trim($decoded);
}
开发者ID:scottnkerr,项目名称:eeco,代码行数:15,代码来源:class-analyse-post.php
注:本文中的wp_kses_normalize_entities函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |