本文整理汇总了PHP中wp_allowed_protocols函数的典型用法代码示例。如果您正苦于以下问题:PHP wp_allowed_protocols函数的具体用法?PHP wp_allowed_protocols怎么用?PHP wp_allowed_protocols使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了wp_allowed_protocols函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的PHP代码示例。
示例1: test_wp_kses_bad_protocol
/**
 * Checks that wp_kses_bad_protocol() strips script-bearing URL schemes and leaves permitted ones alone.
 *
 * NOTE(review): the string literals below look as if the hosting page decoded their HTML
 * entities: several $bad entries are now identical, one contains unescaped single quotes,
 * and case 12 replaces '&' with '&'. The listing is therefore unlikely to parse as shown
 * and probably differs from the upstream test - compare with the original kses.php before reuse.
 */
function test_wp_kses_bad_protocol()
{
// Inputs whose scheme must not survive filtering against the default allow-list.
$bad = array('dummy:alert(1)', 'javascript:alert(1)', 'JaVaScRiPt:alert(1)', 'javascript:alert(1);', 'javascript:alert(1);', 'javascript:alert(1);', 'javascript:alert(1);', 'javascript:alert(1);', 'javascript:alert(1);', 'javascript:alert(1);', 'javascript:alert(1);', 'javascript:alert(1);', 'javascript:alert('XSS')', 'jav ascript:alert(1);', 'jav	ascript:alert(1);', 'jav
ascript:alert(1);', 'jav
ascript:alert(1);', '  javascript:alert(1);', 'javascript:javascript:alert(1);', 'javascript:javascript:alert(1);', 'javascript:javascript:alert(1);', 'javascript:javascript:alert(1);', 'javascript:javascript:alert(1);', 'javascript:alert(1)//?:', 'feed:javascript:alert(1)', 'feed:javascript:feed:javascript:feed:javascript:alert(1)');
foreach ($bad as $k => $x) {
// Entities are normalised first, then the scheme is checked against wp_allowed_protocols().
$result = wp_kses_bad_protocol(wp_kses_normalize_entities($x), wp_allowed_protocols());
// An empty result, or a bare 'alert(1)' / 'alert(1);' with the scheme removed, counts as
// neutralised. Anything else must match the residue expected for that input.
if (!empty($result) && $result != 'alert(1);' && $result != 'alert(1)') {
// $k is the input's position in $bad; only these positions may return a non-empty residue.
switch ($k) {
case 6:
$this->assertEquals('javascript&#0000058alert(1);', $result);
break;
case 12:
$this->assertEquals(str_replace('&', '&', $x), $result);
break;
case 22:
$this->assertEquals('javascript&#0000058alert(1);', $result);
break;
case 23:
$this->assertEquals('javascript&#0000058alert(1)//?:', $result);
break;
case 24:
$this->assertEquals('feed:alert(1)', $result);
break;
default:
// Any other surviving value means the filter let something through.
$this->fail("wp_kses_bad_protocol failed on {$x}. Result: {$result}");
}
}
}
// Inputs that must pass when checked against an explicit allow-list. 'dummy:alert(1)' is in
// both lists on purpose: it is stripped under the default list above and kept here because
// 'dummy' is explicitly allowed.
$safe = array('dummy:alert(1)', 'HTTP://example.org/', 'http://example.org/', 'http://example.org/', 'http://example.org/', 'https://example.org', 'http://example.org/wp-admin/post.php?post=2&action=edit', 'http://example.org/index.php?test='blah'');
foreach ($safe as $x) {
$result = wp_kses_bad_protocol(wp_kses_normalize_entities($x), array('http', 'https', 'dummy'));
// Accept either the untouched input or the canonical 'http://example.org/' form.
if ($result != $x && $result != 'http://example.org/') {
$this->fail("wp_kses_bad_protocol incorrectly blocked {$x}");
}
}
}
开发者ID:plis197715,项目名称:wordpress-develop,代码行数:35,代码来源:kses.php
示例2: get_allowed_protocols
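/**
 * Returns the URL schemes permitted in sanitized markup.
 *
 * Starts from wp_allowed_protocols() and removes every scheme reported by
 * self::get_blacklisted_protocols(). The result is cached in
 * self::$allowed_protocols and reused on later calls.
 *
 * @return array Allowed scheme names.
 */
private static function get_allowed_protocols()
{
    if (isset(self::$allowed_protocols)) {
        return self::$allowed_protocols;
    }
    // wp_allowed_protocols() returns scheme names as values under numeric keys, so the
    // denylist has to be subtracted by value. The earlier array_diff_key() call compared
    // those numeric keys with scheme-name keys, removed nothing, and left every denied
    // scheme allowed.
    // NOTE(review): assumes get_blacklisted_protocols() returns a flat list of scheme names - confirm.
    self::$allowed_protocols = array_diff(wp_allowed_protocols(), self::get_blacklisted_protocols());
    return self::$allowed_protocols;
}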
开发者ID:RockoDev,项目名称:amp-wp,代码行数:11,代码来源:class-amp-kses.php
示例3: wp_kses
/**
 * Reduces a string to the HTML elements, attributes and URL schemes the caller allows.
 *
 * Only the allowed HTML element names, attribute names and attribute values,
 * plus sane HTML entities, remain in the result. Remove any slashes added by
 * PHP's magic quotes before calling this function.
 *
 * The default allowed protocols are 'http', 'https', 'ftp', 'mailto', 'news',
 * 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp' and 'svn'. This
 * covers all common link protocols, except for 'javascript' which should not
 * be allowed for untrusted users.
 *
 * An empty $allowed_protocols does not mean "allow no protocols": it selects
 * the defaults from wp_allowed_protocols().
 *
 * @since 1.0.0
 *
 * @param string $string Content to filter through kses
 * @param array $allowed_html List of allowed HTML elements
 * @param array $allowed_protocols Optional. Allowed protocol in links.
 * @return string Filtered content with only allowed HTML elements
 */
function wp_kses($string, $allowed_html, $allowed_protocols = array())
{
    $protocols = empty($allowed_protocols) ? wp_allowed_protocols() : $allowed_protocols;
    // Pre-clean in a fixed order: NUL bytes, then JS entities, then entity normalisation.
    $content = wp_kses_normalize_entities(wp_kses_js_entities(wp_kses_no_null($string)));
    // The element list is passed through wp_kses_array_lc() before it is used for matching.
    $elements = wp_kses_array_lc($allowed_html);
    // WP changed the order of these funcs and added args to wp_kses_hook
    $content = wp_kses_hook($content, $elements, $protocols);
    return wp_kses_split($content, $elements, $protocols);
}
开发者ID:nunomorgadinho,项目名称:WordPress,代码行数:33,代码来源:kses.php
示例4: test_protocol
/**
 * Verifies that esc_url() returns '' for any scheme outside the active allow-list.
 */
function test_protocol()
{
    $https_only = array('https');

    // Default allow-list: http passes, an unknown scheme is rejected.
    $this->assertEquals('http://example.com', esc_url('http://example.com'));
    $this->assertEquals('', esc_url('nasty://example.com/'));

    // Explicit allow-list: a scheme-less or http URL is rejected when only https is allowed.
    $this->assertEquals('', esc_url('example.com', $https_only));
    $this->assertEquals('', esc_url('http://example.com', $https_only));
    $this->assertEquals('https://example.com', esc_url('https://example.com', array('http', 'https')));

    // Every default scheme must pass, both implicitly and when it is the only one allowed.
    foreach (wp_allowed_protocols() as $protocol) {
        $url = "{$protocol}://example.com";
        $this->assertEquals($url, esc_url($url), $protocol);
        $this->assertEquals($url, esc_url($url, array($protocol)), $protocol);
    }

    // 'data' is not a default scheme, so data: URLs are dropped.
    $this->assertFalse(in_array('data', wp_allowed_protocols(), true));
    $this->assertEquals('', esc_url('data:text/plain;base64,SGVsbG8sIFdvcmxkIQ%3D%3D'));

    // A scheme missing from the defaults passes only when the caller opts in.
    $this->assertFalse(in_array('foo', wp_allowed_protocols(), true));
    $this->assertEquals('foo://example.com', esc_url('foo://example.com', array('foo')));
}
开发者ID:boonebgorges,项目名称:develop.wordpress,代码行数:16,代码来源:EscUrl.php
示例5: nextgen_esc_url
/**
 * Cleans a URL and rejects it when its scheme is not on the allow-list.
 *
 * @param string     $url       URL to clean. Returned unchanged when it loosely equals ''.
 * @param array|null $protocols Allowed schemes; any non-array value falls back to wp_allowed_protocols().
 * @param string     $_context  'display' additionally rewrites '&', "'", '%' and ' ' in the URL.
 *                              The value is also passed to the 'clean_url' filter.
 * @return string Result of the 'clean_url' filter, or '' when the scheme check altered the URL.
 *
 * NOTE(review): the two str_replace() calls on '&' and "'" look as if the hosting page decoded
 * their HTML-entity arguments; as printed the first is a no-op and the second does not parse.
 * Check the original nggallery.php before reuse.
 */
function nextgen_esc_url($url, $protocols = null, $_context = 'display')
{
$original_url = $url;
if ('' == $url) {
return $url;
}
// Drop every character outside the permitted set (allow-list by character class).
$url = preg_replace('|[^a-z0-9 \\-~+_.?#=!&;,/:%@$\\|*\'()\\x80-\\xff]|i', '', $url);
// Remove percent-encoded CR/LF sequences; _deep_replace() is defined elsewhere.
$strip = array('%0d', '%0a', '%0D', '%0A');
$url = _deep_replace($strip, $url);
$url = str_replace(';//', '://', $url);
/* If the URL doesn't appear to contain a scheme, we
* presume it needs http:// appended (unless a relative
* link starting with /, # or ? or a php file).
*/
// NOTE(review): if the character filter above removed everything, $url is '' here and
// $url[0] reads an offset that does not exist - confirm callers never hit this.
if (strpos($url, ':') === false && !in_array($url[0], array('/', '#', '?')) && !preg_match('/^[a-z0-9-]+?\\.php/i', $url)) {
$url = 'http://' . $url;
}
// Replace ampersands and single quotes only when displaying.
if ('display' == $_context) {
$url = wp_kses_normalize_entities($url);
$url = str_replace('&', '&', $url);
$url = str_replace("'", ''', $url);
$url = str_replace('%', '%25', $url);
$url = str_replace(' ', '%20', $url);
}
// URLs starting with '/' skip the scheme check entirely. That includes
// protocol-relative '//host/...' values, which are returned without being
// compared against $protocols.
if ('/' === $url[0]) {
$good_protocol_url = $url;
} else {
if (!is_array($protocols)) {
$protocols = wp_allowed_protocols();
}
$good_protocol_url = wp_kses_bad_protocol($url, $protocols);
// Any change made by the scheme filter, other than letter case, rejects the whole URL.
if (strtolower($good_protocol_url) != strtolower($url)) {
return '';
}
}
return apply_filters('clean_url', $good_protocol_url, $original_url, $_context);
}
开发者ID:patrickmetzger,项目名称:adthrive-touch,代码行数:38,代码来源:nggallery.php
示例6: save
/**
 * Copy the profile fields submitted in $_POST onto the given user object.
 *
 * Validation problems are recorded on $this->errors. A login or nickname
 * failure returns that error object immediately; otherwise the method ends
 * by delegating to parent::save() and returns nothing.
 *
 * NOTE(review): $user defaults to null but is dereferenced unconditionally;
 * callers presumably always pass a user object - confirm.
 * NOTE(review): 'description' is only trim()med and the $_POST values are read
 * without unslashing. Whether a later layer sanitises them is not visible
 * from this method - confirm before relying on it.
 *
 * @since 0.2.0
 *
 * @param WP_User $user
 */
public function save($user = null)
{
    // User Login
    if (isset($_POST['user_login'])) {
        $user->user_login = sanitize_user($_POST['user_login'], true);

        // All three checks run, so more than one message can be recorded.
        if (!validate_username($user->user_login)) {
            $this->errors->add('user_login', __('<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.'));
        }
        if (username_exists($user->user_login)) {
            $this->errors->add('user_login', __('<strong>ERROR</strong>: This username is already registered. Please choose another one.'));
        }
        if (empty($user->user_login)) {
            $this->errors->add('user_login', __('<strong>ERROR</strong>: Please enter a username.'));
        }

        // Stop before touching any other field if anything was recorded.
        if ($this->errors->get_error_code()) {
            return $this->errors;
        }
    }

    // First and last name: sanitised when posted, blanked otherwise.
    foreach (array('first_name', 'last_name') as $name_field) {
        if (isset($_POST[$name_field])) {
            $user->{$name_field} = sanitize_text_field($_POST[$name_field]);
        } else {
            $user->{$name_field} = '';
        }
    }

    // Nickname must not end up empty once sanitised.
    if (isset($_POST['nickname'])) {
        $user->nickname = sanitize_text_field($_POST['nickname']);
        if (empty($user->nickname)) {
            $this->errors->add('nickname', __('<strong>ERROR</strong>: Please enter a nickname.'));
            return $this->errors;
        }
    }

    // Display name
    if (isset($_POST['display_name'])) {
        $user->display_name = sanitize_text_field($_POST['display_name']);
    } else {
        $user->display_name = '';
    }

    // Description (trimmed only, see the review note in the docblock)
    if (isset($_POST['description'])) {
        $user->description = trim($_POST['description']);
    } else {
        $user->description = '';
    }

    // Website
    if (isset($_POST['url'])) {
        $is_blank = empty($_POST['url']) || in_array($_POST['url'], wp_allowed_protocols(), true);
        if ($is_blank) {
            // Nothing useful was entered (empty, or exactly a bare scheme name).
            $user->user_url = '';
        } else {
            $user->user_url = esc_url_raw($_POST['url']);
            // Prefix http:// unless the cleaned URL already starts with an allowed scheme.
            $scheme_pattern = '/^(' . implode('|', array_map('preg_quote', wp_allowed_protocols())) . '):/is';
            if (!preg_match($scheme_pattern, $user->user_url)) {
                $user->user_url = 'http://' . $user->user_url;
            }
        }
    }

    // Contact methods registered for this user
    $contact_methods = wp_get_user_contact_methods($user);
    foreach (array_keys($contact_methods) as $method) {
        if (isset($_POST[$method])) {
            $user->{$method} = sanitize_text_field($_POST[$method]);
        }
    }

    // Allow third party plugins to save data in this section
    parent::save($user);
}
开发者ID:LaconicTranslator,项目名称:wp-user-profiles,代码行数:71,代码来源:profile.php
示例7: sanitize_settings_choices
/**
 * Sanitize the field choices property.
 *
 * With no argument the method works on $this->choices by reference, so the
 * property itself is updated. Non-array input is returned untouched.
 *
 * @param array|null $choices The field choices property.
 *
 * @return array|null
 */
public function sanitize_settings_choices($choices = null)
{
    if (is_null($choices)) {
        $choices =& $this->choices;
    }
    if (!is_array($choices)) {
        return $choices;
    }
    foreach ($choices as &$choice) {
        if (isset($choice['isSelected'])) {
            $choice['isSelected'] = (bool) $choice['isSelected'];
        }
        // Re-format the price through the number -> money helpers.
        if (!empty($choice['price'])) {
            $choice['price'] = GFCommon::to_money(GFCommon::to_number($choice['price']));
        }
        if (isset($choice['text'])) {
            $choice['text'] = $this->maybe_wp_kses($choice['text']);
        }
        if (isset($choice['value'])) {
            // Strip scripts but don't encode. The value is filtered against the 'post'
            // tag set, so it still has to be escaped for the context it is printed in.
            $protocols = wp_allowed_protocols();
            $filtered = wp_kses_no_null($choice['value'], array('slash_zero' => 'keep'));
            $filtered = wp_kses_hook($filtered, 'post', $protocols);
            $choice['value'] = wp_kses_split($filtered, 'post', $protocols);
        }
    }
    // Drop the loop reference so it cannot alias the last element by accident.
    unset($choice);
    return $choices;
}
开发者ID:SayenkoDesign,项目名称:ividf,代码行数:36,代码来源:class-gf-field.php
示例8: test_allowed_protocols
/**
 * Asserts that 'skype', 'tel' and 'mailto' are all present in wp_allowed_protocols().
 */
function test_allowed_protocols()
{
    foreach (array('skype', 'tel', 'mailto') as $scheme) {
        $this->assertContains($scheme, wp_allowed_protocols(), "{$scheme} should be also allowed protocol");
    }
}
开发者ID:proteusthemes,项目名称:proteuswidgets,代码行数:7,代码来源:test-proteuswidgets.php
示例9: wp_kses_one_attr
/**
 * Filters a single attribute and makes sure its value is allowed.
 *
 * More secure than esc_attr(), and able to escape data in some situations
 * where wp_kses() would have to strip the whole attribute.
 *
 * The value is escaped with esc_attr(). When the attribute name is one of the
 * URI-carrying names listed in $uris, the value is also run through
 * wp_kses_bad_protocol() against wp_allowed_protocols(). A quoted value whose
 * closing quote does not match the opening one makes the function return ''.
 *
 * @since 4.2.3
 *
 * @param string $string The 'whole' attribute, including name and value.
 * @param string $element The element name to which the attribute belongs.
 * @return string Filtered attribute.
 */
function wp_kses_one_attr($string, $element)
{
    $uris = array('xmlns', 'profile', 'href', 'src', 'cite', 'classid', 'codebase', 'data', 'usemap', 'longdesc', 'action');
    $allowed_html = wp_kses_allowed_html('post');
    $allowed_protocols = wp_allowed_protocols();
    $string = wp_kses_js_entities(wp_kses_no_null($string, array('slash_zero' => 'keep')));

    // Preserve leading and trailing whitespace.
    $found = array();
    preg_match('/^\\s*/', $string, $found);
    $lead = $found[0];
    preg_match('/\\s*$/', $string, $found);
    $trail = $found[0];
    $string = empty($trail)
        ? substr($string, strlen($lead))
        : substr($string, strlen($lead), -strlen($trail));

    // Parse attribute name and value from input.
    $parts = preg_split('/\\s*=\\s*/', $string, 2);
    $name = $parts[0];
    // Defaults describe a value-less attribute; they are overwritten when a value is present.
    $value = '';
    $vless = 'y';
    if (2 == count($parts)) {
        $value = $parts[1];

        // Remove quotes surrounding $value.
        // Also guarantee correct quoting in $string for this one attribute.
        $quote = '' == $value ? '' : $value[0];
        if ('"' == $quote || "'" == $quote) {
            if (substr($value, -1) != $quote) {
                // Unbalanced quoting: refuse the attribute outright.
                return '';
            }
            $value = substr($value, 1, -1);
        } else {
            $quote = '"';
        }

        // Sanitize quotes, angle braces, and entities.
        $value = esc_attr($value);

        // Sanitize URI values.
        if (in_array(strtolower($name), $uris)) {
            $value = wp_kses_bad_protocol($value, $allowed_protocols);
        }

        $string = "{$name}={$quote}{$value}{$quote}";
        $vless = 'n';
    }

    // Sanitize attribute by name.
    wp_kses_attr_check($name, $value, $string, $vless, $element, $allowed_html);

    // Restore whitespace.
    return $lead . $string . $trail;
}
开发者ID:zoran180,项目名称:wp_szf,代码行数:67,代码来源:kses.php
示例10: sanitize_entry_value
/**
 * Override this method to implement the sanitization specific to the field type before the value is saved.
 *
 * This base method provides a generic sanitization similar to wp_kses, but values are not encoded.
 * Scripts are stripped out, leaving allowed tags if HTML is allowed. Because nothing is encoded here,
 * the stored value still has to be escaped for the context in which it is later output.
 *
 * @param string $value The field value to be processed. Arrays are rejected and become ''.
 * @param int $form_id The ID of the form currently being processed.
 *
 * @return string
 */
public function sanitize_entry_value($value, $form_id)
{
    if (is_array($value)) {
        return '';
    }

    // allow HTML for certain field types; the filter can replace the field's own answer
    $tags = gf_apply_filters(array('gform_allowable_tags', $form_id), $this->allow_html(), $this, $form_id);
    if (true !== $tags) {
        // Anything other than boolean true is passed to strip_tags() as its allowed-tags argument.
        $value = strip_tags($value, $tags);
    }

    // Filter what remains against the 'post' tag set and the default URL schemes.
    $protocols = wp_allowed_protocols();
    $clean = wp_kses_no_null($value, array('slash_zero' => 'keep'));
    $clean = wp_kses_hook($clean, 'post', $protocols);
    return wp_kses_split($clean, 'post', $protocols);
}
开发者ID:timk85,项目名称:DIT,代码行数:28,代码来源:class-gf-field.php
示例11: test_data_is_not_an_allowed_protocol
/**
 * The 'data' scheme must not be among the default allowed protocols.
 *
 * @ticket 19354
 */
function test_data_is_not_an_allowed_protocol()
{
    $schemes = wp_allowed_protocols();
    $this->assertNotContains('data', $schemes);
}
开发者ID:jaspermdegroot,项目名称:develop.wordpress,代码行数:7,代码来源:functions.php
示例12: sanitize_entry_value
/**
 * Override this method to implement the sanitization specific to the field type before the value is saved.
 *
 * This base method provides a generic sanitization similar to wp_kses, but values are not encoded.
 * Scripts are stripped out, leaving tags allowed by the gform_allowable_tags filter. Because nothing
 * is encoded here, the stored value still has to be escaped for the context in which it is later output.
 *
 * @param string $value The field value to be processed. Arrays are rejected and become ''.
 * @param int $form_id The ID of the form currently being processed.
 *
 * @return string
 */
public function sanitize_entry_value($value, $form_id)
{
    if (is_array($value)) {
        return '';
    }

    /**
     * Provisional filter - may be subject to change or removal.
     *
     * A falsy return skips every step below and the submitted value is
     * returned exactly as received.
     *
     * @param bool
     * @param int $form_id
     * @param GF_Field $this
     */
    if (!apply_filters('gform_sanitize_entry_value', true, $form_id, $this)) {
        return $value;
    }

    // allow HTML for certain field types; the filter can replace the field's own answer
    $tags = gf_apply_filters(array('gform_allowable_tags', $form_id), $this->allow_html(), $this, $form_id);
    if (true !== $tags) {
        // Anything other than boolean true is passed to strip_tags() as its allowed-tags argument.
        $value = strip_tags($value, $tags);
    }

    // Filter what remains against the 'post' tag set and the default URL schemes.
    $protocols = wp_allowed_protocols();
    $clean = wp_kses_no_null($value, array('slash_zero' => 'keep'));
    $clean = wp_kses_hook($clean, 'post', $protocols);
    return wp_kses_split($clean, 'post', $protocols);
}
开发者ID:Friends-School-Atlanta,项目名称:Deployable-WordPress,代码行数:39,代码来源:class-gf-field.php
示例13: ipin_edit_user
function ipin_edit_user($user_id = 0)
{
global $wp_roles, $wpdb;
$user = new stdClass();
if ($user_id) {
$update = true;
$user->ID = (int) $user_id;
$userdata = get_userdata($user_id);
$user->user_login = wp_slash($userdata->user_login);
} else {
$update = false;
}
if (!$update && isset($_POST['user_login'])) {
$user->user_login = sanitize_user($_POST['user_login'], true);
}
$pass1 = $pass2 = '';
if (isset($_POST['pass1'])) {
$pass1 = $_POST['pass1'];
}
if (isset($_POST['pass2'])) {
$pass2 = $_POST['pass2'];
}
if (isset($_POST['role']) && current_user_can('edit_users')) {
$new_role = sanitize_text_field($_POST['role']);
$potential_role = isset($wp_roles->role_objects[$new_role]) ? $wp_roles->role_objects[$new_role] : false;
// Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
// Multisite super admins can freely edit their blog roles -- they possess all caps.
if (is_multisite() && current_user_can('manage_sites') || $user_id != get_current_user_id() || $potential_role && $potential_role->has_cap('edit_users')) {
$user->role = $new_role;
}
// If the new role isn't editable by the logged-in user die with error
$editable_roles = get_editable_roles();
if (!empty($new_role) && empty($editable_roles[$new_role])) {
wp_die(__('You can’t give users that role.', 'ipin'));
}
}
//edited: store the original email
$original_user_email = $userdata->user_email;
if (isset($_POST['email'])) {
$user->user_email = sanitize_text_field($_POST['email']);
}
if (isset($_POST['url'])) {
if (empty($_POST['url']) || $_POST['url'] == 'http://') {
$user->user_url = '';
} else {
$user->user_url = esc_url_raw($_POST['url']);
$protocols = implode('|', array_map('preg_quote', wp_allowed_protocols()));
$user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://' . $user->user_url;
}
}
if (isset($_POST['first_name'])) {
$user->first_name = sanitize_text_field($_POST['first_name']);
}
if (isset($_POST['last_name'])) {
$user->last_name = sanitize_text_field($_POST['last_name']);
}
if (isset($_POST['nickname'])) {
$user->nickname = sanitize_text_field($_POST['nickname']);
}
if (isset($_POST['display_name'])) {
$user->display_name = sanitize_text_field($_POST['display_name']);
}
if (isset($_POST['description'])) {
$user->description = trim($_POST['description']);
}
foreach (wp_get_user_contact_methods($user) as $method => $name) {
if (isset($_POST[$method])) {
$user->{$method} = sanitize_text_field($_POST[$method]);
}
}
if ($update) {
$user->rich_editing = isset($_POST['rich_editing']) && 'false' == $_POST['rich_editing'] ? 'false' : 'true';
$user->admin_color = isset($_POST['admin_color']) ? sanitize_text_field($_POST['admin_color']) : 'fresh';
$user->show_admin_bar_front = isset($_POST['admin_bar_front']) ? 'true' : 'false';
}
$user->comment_shortcuts = isset($_POST['comment_shortcuts']) && 'true' == $_POST['comment_shortcuts'] ? 'true' : '';
$user->use_ssl = 0;
if (!empty($_POST['use_ssl'])) {
$user->use_ssl = 1;
}
$errors = new WP_Error();
/* checking that username has been typed */
if ($user->user_login == '') {
$errors->add('user_login', __('<strong>ERROR</strong>: Please enter a username.', 'ipin'));
}
/* checking the password has been typed twice */
do_action_ref_array('check_passwords', array($user->user_login, &$pass1, &$pass2));
if ($update) {
if (empty($pass1) && !empty($pass2)) {
$errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.', 'ipin'), array('form-field' => 'pass1'));
} elseif (!empty($pass1) && empty($pass2)) {
$errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.', 'ipin'), array('form-field' => 'pass2'));
}
//edited: added to check password length
if (!empty($pass1) && !empty($pass2)) {
if (strlen($pass1) < 6) {
$errors->add('password_too_short', "<strong>ERROR</strong>: Passwords must be at least 6 characters long", 'ipin');
}
}
} else {
//.........这里部分代码省略.........
开发者ID:evinw,项目名称:project_modelv,代码行数:101,代码来源:page_cp_settings.php
示例14: escapeKSESFilter
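/**
 * Runs a string through the KSES filter with a customised tag list and protocol list.
 *
 * @remark Attributes are not supported at this moment.
 * @param string $sString The markup to filter.
 * @param array $aAllowedTags Extra tag names to allow, e.g. array( 'noscript', 'style', ). Each is registered with no attributes.
 * @param array $aDisallowedTags Tag names to remove from the allowed set, e.g. array( 'table', 'tbody', 'tfoot', 'thead', 'th', 'tr' )
 * @param array $aAllowedProtocols Allowed URL schemes. An empty array selects wp_allowed_protocols(), not "no schemes".
 * @return string The filtered markup.
 * @since 2.0.0
 */
public static function escapeKSESFilter($sString, $aAllowedTags = array(), $aDisallowedTags = array(), $aAllowedProtocols = array())
{
    // Start from an empty map. Without this, the default call (no extra tags) passed an
    // undefined variable to uniteArrays().
    $aFormatAllowedTags = array();
    foreach ($aAllowedTags as $sTag) {
        // An empty attribute list: the tag is allowed, its attributes are not.
        $aFormatAllowedTags[$sTag] = array();
    }

    // the first parameter takes over the second.
    $aAllowedHTMLTags = AmazonAutoLinks_Utility::uniteArrays($aFormatAllowedTags, $GLOBALS['allowedposttags']);

    // The deny list is applied after the merge, so it overrides both the extra tags and the defaults.
    foreach ($aDisallowedTags as $sTag) {
        unset($aAllowedHTMLTags[$sTag]);
    }

    if (empty($aAllowedProtocols)) {
        $aAllowedProtocols = wp_allowed_protocols();
    }

    // wp_filter_post_kses() wraps its work in this slash round trip. Each pair cancels itself
    // out here; it is kept only to mirror the original call sequence.
    $sString = addslashes($sString);
    $sString = stripslashes($sString);

    // The same steps wp_kses() performs.
    $sString = wp_kses_no_null($sString);
    $sString = wp_kses_js_entities($sString);
    $sString = wp_kses_normalize_entities($sString);
    // WP changed the order of these funcs and added args to wp_kses_hook
    $sString = wp_kses_hook($sString, $aAllowedHTMLTags, $aAllowedProtocols);
    $sString = wp_kses_split($sString, $aAllowedHTMLTags, $aAllowedProtocols);

    $sString = addslashes($sString);
    $sString = stripslashes($sString);
    return $sString;
}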
开发者ID:ashik968,项目名称:digiplot,代码行数:43,代码来源:AmazonAutoLinks_WPUtility.php
示例15: wp_user_profiles_edit_user
/**
* Edit user settings based on contents of $_POST
*
* Largely based on the edit_user() function, this function only throws errors
* when the user has posted invalid data, vs. when the mock user object does not
* contain it.
*
* @since 0.1.0
*
* @param int $user_id Optional. User ID.
* @return int|WP_Error user id of the updated user
*/
function wp_user_profiles_edit_user($user_id = 0)
{
// Bail if no user ID
if (empty($user_id)) {
return;
}
// Setup the user being saved
$user = new stdClass();
$user->ID = (int) $user_id;
$userdata = get_userdata($user_id);
// Setup the user login
if (isset($_POST['user_login'])) {
$user->user_login = sanitize_user($_POST['user_login'], true);
} else {
$user->user_login = wp_slash($userdata->user_login);
}
// Password changes
$pass1 = isset($_POST['pass1']) ? $_POST['pass1'] : '';
$pass2 = isset($_POST['pass2']) ? $_POST['pass2'] : '';
// Role changes
if (isset($_POST['role']) && current_user_can('edit_users')) {
// New roles
$new_roles = $_POST['role'];
// Loop through new roles
foreach ($new_roles as $blog_id => $new_role) {
// Switch to the blog
switch_to_blog($blog_id);
// If the new role isn't editable by the logged-in user die with error
$editable_roles = get_editable_roles();
if (!empty($new_role) && !empty($editable_roles[$new_role])) {
$update_role = get_userdata($user_id);
$update_role->set_role($new_role);
}
// Switch back
restore_current_blog();
}
}
// Email
if (isset($_POST['email'])) {
$user->user_email = sanitize_text_field(wp_unslash($_POST['email']));
}
// Website
if (isset($_POST['url'])) {
if (empty($_POST['url']) || $_POST['url'] == 'http://') {
$user->user_url = '';
} else {
$user->user_url = esc_url_raw($_POST['url']);
$protocols = implode('|', array_map('preg_quote', wp_allowed_protocols()));
$user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://' . $user->user_url;
}
}
// First
if (isset($_POST['first_name'])) {
$user->first_name = sanitize_text_field($_POST['first_name']);
}
// Last
if (isset($_POST['last_name'])) {
$user->last_name = sanitize_text_field($_POST['last_name']);
}
// Nick
if (isset($_POST['nickname'])) {
$user->nickname = sanitize_text_field($_POST['nickname']);
}
// Display
if (isset($_POST['display_name'])) {
$user->display_name = sanitize_text_field($_POST['display_name']);
}
// Description
if (isset($_POST['description'])) {
$user->description = trim($_POST['description']);
}
// Contact methods
foreach (wp_get_user_contact_methods($user) as $method => $name) {
if (isset($_POST[$method])) {
$user->{$method} = sanitize_text_field($_POST[$method]);
}
}
// Options
$user->rich_editing = isset($_POST['rich_editing']) && 'false' === $_POST['rich_editing'] ? 'false' : 'true';
$user->admin_color = isset($_POST['admin_color']) ? sanitize_text_field($_POST['admin_color']) : 'fresh';
$user->show_admin_bar_front = isset($_POST['admin_bar_front']) ? 'true' : 'false';
$user->comment_shortcuts = isset($_POST['comment_shortcuts']) && 'true' === $_POST['comment_shortcuts'] ? 'true' : '';
$user->use_ssl = 0;
if (!empty($_POST['use_ssl'])) {
$user->use_ssl = 1;
}
// Error checking
$errors = new WP_Error();
//.........这里部分代码省略.........
开发者ID:bradyvercher,项目名称:wp-user-profiles,代码行数:101,代码来源:functions.php
示例16: update
/**
 * Builds the widget settings to store from the submitted form values.
 *
 * The title has tags stripped, the size is forced to a non-negative integer,
 * and each social URL is passed through esc_url() with 'skype' added to the
 * default schemes.
 *
 * NOTE(review): 'content', 'style', 'target' and the social 'icon' values are
 * copied as submitted; whether they are escaped on output is not visible here - confirm.
 * NOTE(review): the loop stops one short of the last submitted icon, presumably
 * because the form posts a trailing template row - confirm.
 *
 * @param array $new_instance Values just submitted.
 * @param array $old_instance Previously stored values.
 * @return array Settings to save.
 */
function update($new_instance, $old_instance)
{
    $instance = $old_instance;
    $instance['title'] = strip_tags($new_instance['title']);
    $instance['content'] = $new_instance['content'];
    $instance['style'] = $new_instance['style'];
    $instance['size'] = absint($new_instance['size']);
    $instance['target'] = $new_instance['target'];

    $social = array();
    if (!empty($new_instance['social_icon'])) {
        $protocols = wp_allowed_protocols();
        //allow skype call protocol
        $protocols[] = 'skype';

        $last = count($new_instance['social_icon']) - 1;
        for ($i = 0; $i < $last; $i++) {
            $social[] = array(
                'icon' => $new_instance['social_icon'][$i],
                'url' => esc_url($new_instance['social_url'][$i], $protocols),
            );
        }
    }
    $instance['social'] = $social;

    return $instance;
}
开发者ID:cabelotaina,项目名称:redelivre,代码行数:20,代码来源:class-social-widget.php
示例17: EscapeAndFilterPostKSES
/**
 * Filters a string through KSES using the post tag set, adjusted by the caller.
 *
 * @param string $strString The markup to filter.
 * @param array $arrAllowedTags Extra allowed tags, e.g. array( 'noscript' => array(), 'style' => array() );
 *                              merged over the global $allowedposttags (the first argument takes precedence).
 * @param array $arrDisallowedTags Tags to remove from the merged set, e.g. array( 'table', 'tbody', 'thoot', 'thead', 'th', 'tr' );
 * @param array $arrAllowedProtocols Allowed URL schemes. An empty array selects wp_allowed_protocols(), not "no schemes".
 * @return string The filtered markup.
 */
function EscapeAndFilterPostKSES($strString, $arrAllowedTags = array(), $arrDisallowedTags = array(), $arrAllowedProtocols = array())
{
    global $allowedposttags;

    // the first parameter takes over the second.
    $arrAllowedHTML = $this->oUtil->UniteArraysRecursive($arrAllowedTags, $allowedposttags);

    // The deny list is applied after the merge, so it overrides both sources.
    foreach ($arrDisallowedTags as $strTag) {
        unset($arrAllowedHTML[$strTag]);
    }

    $arrProtocols = empty($arrAllowedProtocols) ? wp_allowed_protocols() : $arrAllowedProtocols;

    // wp_filter_post_kses() slash round trip - could be redundant but haven't fully tested it
    $strString = stripslashes(addslashes($strString));

    // The same steps wp_kses() performs, in the same order.
    $strString = wp_kses_normalize_entities(wp_kses_js_entities(wp_kses_no_null($strString)));
    // WP changed the order of these funcs and added args to wp_kses_hook
    $strString = wp_kses_hook($strString, $arrAllowedHTML, $arrProtocols);
    $strString = wp_kses_split($strString, $arrAllowedHTML, $arrProtocols);

    // wp_filter_post_kses() slash round trip - could be redundant but haven't fully tested it
    return stripslashes(addslashes($strString));
}
开发者ID:MarkSpencerTan,项目名称:webdev,代码行数:36,代码来源:ResponsiveColumnWidgets_Admin_Page_.php
示例18: wp_kses
/**
 * Reduces a string to the HTML elements, attributes and URL schemes the caller allows.
 *
 * Only the allowed HTML element names, attribute names and attribute values,
 * plus sane HTML entities, remain in the result. Remove any slashes added by
 * PHP's magic quotes before calling this function.
 *
 * The default allowed protocols are 'http', 'https', 'ftp', 'mailto', 'news',
 * 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp' and 'svn'. This
 * covers all common link protocols, except for 'javascript' which should not
 * be allowed for untrusted users.
 *
 * An empty $allowed_protocols does not mean "allow no protocols": it selects
 * the defaults from wp_allowed_protocols().
 *
 * @since 1.0.0
 *
 * @param string $string Content to filter through kses
 * @param array $allowed_html List of allowed HTML elements
 * @param array $allowed_protocols Optional. Allowed protocol in links.
 * @return string Filtered content with only allowed HTML elements
 */
function wp_kses( $string, $allowed_html, $allowed_protocols = array() ) {
    $protocols = empty( $allowed_protocols ) ? wp_allowed_protocols() : $allowed_protocols;

    // Pre-clean in a fixed order: NUL bytes (keeping "\0" sequences), JS entities, entity normalisation.
    $content = wp_kses_no_null( $string, array( 'slash_zero' => 'keep' ) );
    $content = wp_kses_normalize_entities( wp_kses_js_entities( $content ) );

    // WP changed the order of these funcs and added args to wp_kses_hook
    $content = wp_kses_hook( $content, $allowed_html, $protocols );

    return wp_kses_split( $content, $allowed_html, $protocols );
}
开发者ID:ShankarVellal,项目名称:WordPress,代码行数:29,代码来源:kses.php
示例19: woo_shortcode_box
/**
 * Renders the box shortcode as a div wrapping the KSES-filtered inner content.
 *
 * Attribute values are escaped with esc_attr() before they enter the class list.
 * The inner content is filtered with wp_kses() using the 'post' tag set, plus
 * input elements (type, name, value) and the 'skype' URL scheme.
 *
 * @param array|string $atts Shortcode attributes: type, size, style, border, icon.
 * @param string|null $content Enclosed content.
 * @return string HTML for the box.
 */
function woo_shortcode_box($atts, $content = null)
{
    // Read the attributes explicitly rather than importing them into local scope.
    $args = shortcode_atts(array('type' => 'normal', 'size' => '', 'style' => '', 'border' => '', 'icon' => ''), $atts);
    $icon = $args['icon'];

    // "Toggle in a box" fix
    $allowed_tags = wp_kses_allowed_html('post');
    $allowed_tags['input'] = array('type' => true, 'name' => true, 'value' => true);
    $allowed_protocols = wp_allowed_protocols();
    $allowed_protocols[] = 'skype';

    $class = '';
    $custom = '';
    if ($icon == 'none') {
        $class = 'no-icon';
        $custom = ' style="padding-left:15px;background-image:none;"';
    } elseif ($icon) {
        // The icon URL is cleaned with esc_url() and then attribute-escaped before it enters the inline style.
        $class = 'custom-icon';
        $custom = ' style="padding-left:50px;background-image:url( ' . esc_attr(esc_url($icon)) . ' ); background-repeat:no-repeat; background-position:20px 45%;"';
    }

    $classes = implode(' ', array(
        'woo-sc-box',
        esc_attr($class),
        esc_attr($args['type']),
        esc_attr($args['size']),
        esc_attr($args['style']),
        esc_attr($args['border']),
    ));
    $inner = wp_kses(do_shortcode(woo_remove_wpautop($content)), $allowed_tags, $allowed_protocols);

    return '<div class="' . $classes . '"' . $custom . '>' . $inner . '</div>';
}
开发者ID:mikmakmuk,项目名称:mystile,代码行数:19,代码来源:admin-shortcodes.php
示例20: edit_user
/**
* Edit user settings based on contents of $_POST
*
* Used on user-edit.php and profile.php to manage and process user options, passwords etc.
*
* @since 2.0
*
* @param int $user_id Optional. User ID.
* @return int user id of the updated user
*/
function edit_user($user_id = 0)
{
global $wp_roles, $wpdb;
$user = new stdClass();
if ($user_id) {
$update = true;
$user->ID = (int) $user_id;
$userdata = get_userdata($user_id);
$user->user_login = $wpdb->escape($userdata->user_login);
} else {
$update = false;
}
if (!$update && isset($_POST['user_login'])) {
$user->user_login = sanitize_user($_POST['user_login'], true);
}
$pass1 = $pass2 = '';
if (isset($_POST['pass1'])) {
$pass1 = $_POST['pass1'];
}
if (isset($_POST['pass2'])) {
$pass2 = $_POST['pass2'];
}
if (isset($_POST['role']) && current_user_can('edit_users')) {
$new_role = sanitize_text_field($_POST['role']);
$potential_role = isset($wp_roles->role_objects[$new_role]) ? $wp_roles->role_objects[$new_role] : false;
// Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
// Multisite super admins can freely edit their blog roles -- they possess all caps.
if (is_multisite() && current_user_can('manage_sites') || $user_id != get_current_user_id() || $potential_role && $potential_role->has_cap('edit_users')) {
$user->role = $new_role;
}
// If the new role isn't editable by the logged-in user die with error
$editable_roles = get_editable_roles();
if (!empty($new_role) && empty($editable_roles[$new_role])) {
wp_die(__('You can’t give users that role.'));
}
}
if (isset($_POST['email'])) {
$user->user_email = sanitize_text_field($_POST['email']);
}
if (isset($_POST['url'])) {
if (empty($_POST['url']) || $_POST['url'] == 'http://') {
$user->user_url = '';
} else {
$user->user_url = esc_url_raw($_POST['url']);
$protocols = implode('|', array_map('preg_quote', wp_allowed_protocols()));
$user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://' . $user->user_url;
}
}
if (isset($_POST['first_name'])) {
$user->first_name = sanitize_text_field($_POST['first_name']);
}
if (isset($_POST['last_name'])) {
$user->last_name = sanitize_text_field($_POST['last_name']);
}
if (isset($_POST['nickname'])) {
$user->nickname = sanitize_text_field($_POST['nickname']);
}
if (isset($_POST['display_name'])) {
$user->display_name = sanitize_text_field($_POST['display_name']);
}
if (isset($_POST['description'])) {
$user->description = trim($_POST['description']);
}
foreach (_wp_get_user_contactmethods($user) as $method =