当前位置: 首页>>代码示例>>PHP>>正文


PHP wp_allowed_protocols函数代码示例

本文整理汇总了PHP中wp_allowed_protocols函数的典型用法代码示例。如果您正苦于以下问题:PHP wp_allowed_protocols函数的具体用法?PHP wp_allowed_protocols怎么用?PHP wp_allowed_protocols使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了wp_allowed_protocols函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: test_wp_kses_bad_protocol

 function test_wp_kses_bad_protocol()
 {
     $bad = array('dummy:alert(1)', 'javascript:alert(1)', 'JaVaScRiPt:alert(1)', 'javascript:alert(1);', 'javascript:alert(1);', 'javascript:alert(1);', 'javascript&#0000058alert(1);', 'javascript:alert(1);', 'javascript:alert(1);', 'javascript:alert(1);', 'javascript:alert(1);', 'javascript:alert(1);', '&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29', 'jav	ascript:alert(1);', 'jav	ascript:alert(1);', 'jav
ascript:alert(1);', 'jav
ascript:alert(1);', '   javascript:alert(1);', 'javascript:javascript:alert(1);', 'javascript:javascript:alert(1);', 'javascript&#0000058javascript:alert(1);', 'javascript:javascript:alert(1);', 'javascript:javascript&#0000058alert(1);', 'javascript&#0000058alert(1)//?:', 'feed:javascript:alert(1)', 'feed:javascript:feed:javascript:feed:javascript:alert(1)');
     foreach ($bad as $k => $x) {
         $result = wp_kses_bad_protocol(wp_kses_normalize_entities($x), wp_allowed_protocols());
         if (!empty($result) && $result != 'alert(1);' && $result != 'alert(1)') {
             switch ($k) {
                 case 6:
                     $this->assertEquals('javascript&#0000058alert(1);', $result);
                     break;
                 case 12:
                     $this->assertEquals(str_replace('&', '&', $x), $result);
                     break;
                 case 22:
                     $this->assertEquals('javascript&#0000058alert(1);', $result);
                     break;
                 case 23:
                     $this->assertEquals('javascript&#0000058alert(1)//?:', $result);
                     break;
                 case 24:
                     $this->assertEquals('feed:alert(1)', $result);
                     break;
                 default:
                     $this->fail("wp_kses_bad_protocol failed on {$x}. Result: {$result}");
             }
         }
     }
     $safe = array('dummy:alert(1)', 'HTTP://example.org/', 'http://example.org/', 'http://example.org/', 'http://example.org/', 'https://example.org', 'http://example.org/wp-admin/post.php?post=2&action=edit', 'http://example.org/index.php?test='blah'');
     foreach ($safe as $x) {
         $result = wp_kses_bad_protocol(wp_kses_normalize_entities($x), array('http', 'https', 'dummy'));
         if ($result != $x && $result != 'http://example.org/') {
             $this->fail("wp_kses_bad_protocol incorrectly blocked {$x}");
         }
     }
 }
开发者ID:plis197715,项目名称:wordpress-develop,代码行数:35,代码来源:kses.php

示例2: get_allowed_protocols

 private static function get_allowed_protocols()
 {
     if (isset(self::$allowed_protocols)) {
         return self::$allowed_protocols;
     }
     $blacklisted_protocols = self::get_blacklisted_protocols();
     $allowed_protocols = wp_allowed_protocols();
     $allowed_protocols = array_diff_key($allowed_protocols, array_fill_keys($blacklisted_protocols, false));
     self::$allowed_protocols = $allowed_protocols;
     return $allowed_protocols;
 }
开发者ID:RockoDev,项目名称:amp-wp,代码行数:11,代码来源:class-amp-kses.php

示例3: wp_kses

/**
 * Filters content and keeps only allowable HTML elements.
 *
 * This function makes sure that only the allowed HTML element names, attribute
 * names and attribute values plus only sane HTML entities will occur in
 * $string. You have to remove any slashes from PHP's magic quotes before you
 * call this function.
 *
 * The default allowed protocols are 'http', 'https', 'ftp', 'mailto', 'news',
 * 'irc', 'gopher', 'nntp', 'feed', 'telnet, 'mms', 'rtsp' and 'svn'. This
 * covers all common link protocols, except for 'javascript' which should not
 * be allowed for untrusted users.
 *
 * @since 1.0.0
 *
 * @param string $string Content to filter through kses
 * @param array $allowed_html List of allowed HTML elements
 * @param array $allowed_protocols Optional. Allowed protocol in links.
 * @return string Filtered content with only allowed HTML elements
 */
function wp_kses($string, $allowed_html, $allowed_protocols = array())
{
    if (empty($allowed_protocols)) {
        $allowed_protocols = wp_allowed_protocols();
    }
    $string = wp_kses_no_null($string);
    $string = wp_kses_js_entities($string);
    $string = wp_kses_normalize_entities($string);
    $allowed_html_fixed = wp_kses_array_lc($allowed_html);
    $string = wp_kses_hook($string, $allowed_html_fixed, $allowed_protocols);
    // WP changed the order of these funcs and added args to wp_kses_hook
    return wp_kses_split($string, $allowed_html_fixed, $allowed_protocols);
}
开发者ID:nunomorgadinho,项目名称:WordPress,代码行数:33,代码来源:kses.php

示例4: test_protocol

 function test_protocol()
 {
     $this->assertEquals('http://example.com', esc_url('http://example.com'));
     $this->assertEquals('', esc_url('nasty://example.com/'));
     $this->assertEquals('', esc_url('example.com', array('https')));
     $this->assertEquals('', esc_url('http://example.com', array('https')));
     $this->assertEquals('https://example.com', esc_url('https://example.com', array('http', 'https')));
     foreach (wp_allowed_protocols() as $scheme) {
         $this->assertEquals("{$scheme}://example.com", esc_url("{$scheme}://example.com"), $scheme);
         $this->assertEquals("{$scheme}://example.com", esc_url("{$scheme}://example.com", array($scheme)), $scheme);
     }
     $this->assertTrue(!in_array('data', wp_allowed_protocols(), true));
     $this->assertEquals('', esc_url('data:text/plain;base64,SGVsbG8sIFdvcmxkIQ%3D%3D'));
     $this->assertTrue(!in_array('foo', wp_allowed_protocols(), true));
     $this->assertEquals('foo://example.com', esc_url('foo://example.com', array('foo')));
 }
开发者ID:boonebgorges,项目名称:develop.wordpress,代码行数:16,代码来源:EscUrl.php

示例5: nextgen_esc_url

 function nextgen_esc_url($url, $protocols = null, $_context = 'display')
 {
     $original_url = $url;
     if ('' == $url) {
         return $url;
     }
     $url = preg_replace('|[^a-z0-9 \\-~+_.?#=!&;,/:%@$\\|*\'()\\x80-\\xff]|i', '', $url);
     $strip = array('%0d', '%0a', '%0D', '%0A');
     $url = _deep_replace($strip, $url);
     $url = str_replace(';//', '://', $url);
     /* If the URL doesn't appear to contain a scheme, we
      * presume it needs http:// appended (unless a relative
      * link starting with /, # or ? or a php file).
      */
     if (strpos($url, ':') === false && !in_array($url[0], array('/', '#', '?')) && !preg_match('/^[a-z0-9-]+?\\.php/i', $url)) {
         $url = 'http://' . $url;
     }
     // Replace ampersands and single quotes only when displaying.
     if ('display' == $_context) {
         $url = wp_kses_normalize_entities($url);
         $url = str_replace('&', '&', $url);
         $url = str_replace("'", ''', $url);
         $url = str_replace('%', '%25', $url);
         $url = str_replace(' ', '%20', $url);
     }
     if ('/' === $url[0]) {
         $good_protocol_url = $url;
     } else {
         if (!is_array($protocols)) {
             $protocols = wp_allowed_protocols();
         }
         $good_protocol_url = wp_kses_bad_protocol($url, $protocols);
         if (strtolower($good_protocol_url) != strtolower($url)) {
             return '';
         }
     }
     return apply_filters('clean_url', $good_protocol_url, $original_url, $_context);
 }
开发者ID:patrickmetzger,项目名称:adthrive-touch,代码行数:38,代码来源:nggallery.php

示例6: save

 /**
  * Save section data
  *
  * @since 0.2.0
  *
  * @param WP_User $user
  */
 public function save($user = null)
 {
     // User Login
     if (isset($_POST['user_login'])) {
         // Set the login
         $user->user_login = sanitize_user($_POST['user_login'], true);
         // Invalid login
         if (!validate_username($user->user_login)) {
             $this->errors->add('user_login', __('<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.'));
         }
         // Login already exists
         if (username_exists($user->user_login)) {
             $this->errors->add('user_login', __('<strong>ERROR</strong>: This username is already registered. Please choose another one.'));
         }
         // Checking that username has been typed
         if (empty($user->user_login)) {
             $this->errors->add('user_login', __('<strong>ERROR</strong>: Please enter a username.'));
         }
         // Return if errored
         if ($this->errors->get_error_code()) {
             return $this->errors;
         }
     }
     // First
     $user->first_name = isset($_POST['first_name']) ? sanitize_text_field($_POST['first_name']) : '';
     // Last
     $user->last_name = isset($_POST['last_name']) ? sanitize_text_field($_POST['last_name']) : '';
     // Nickname
     if (isset($_POST['nickname'])) {
         // Set the nick
         $user->nickname = sanitize_text_field($_POST['nickname']);
         // Nickname was empty
         if (empty($user->nickname)) {
             $this->errors->add('nickname', __('<strong>ERROR</strong>: Please enter a nickname.'));
             return $this->errors;
         }
     }
     // Display
     $user->display_name = isset($_POST['display_name']) ? sanitize_text_field($_POST['display_name']) : '';
     // Description
     $user->description = isset($_POST['description']) ? trim($_POST['description']) : '';
     // Website
     if (isset($_POST['url'])) {
         // Emptying URL
         if (empty($_POST['url']) || in_array($_POST['url'], wp_allowed_protocols(), true)) {
             $user->user_url = '';
             // Validate
         } else {
             $user->user_url = esc_url_raw($_POST['url']);
             $protocols = implode('|', array_map('preg_quote', wp_allowed_protocols()));
             $user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://' . $user->user_url;
         }
     }
     // Look for contact methods
     $methods = wp_get_user_contact_methods($user);
     // Contact methods
     foreach (array_keys($methods) as $method) {
         if (isset($_POST[$method])) {
             $user->{$method} = sanitize_text_field($_POST[$method]);
         }
     }
     // Allow third party plugins to save data in this section
     parent::save($user);
 }
开发者ID:LaconicTranslator,项目名称:wp-user-profiles,代码行数:71,代码来源:profile.php

示例7: sanitize_settings_choices

 /**
  * Sanitize the field choices property.
  *
  * @param array|null $choices The field choices property.
  *
  * @return array|null
  */
 public function sanitize_settings_choices($choices = null)
 {
     if (is_null($choices)) {
         $choices =& $this->choices;
     }
     if (!is_array($choices)) {
         return $choices;
     }
     foreach ($choices as &$choice) {
         if (isset($choice['isSelected'])) {
             $choice['isSelected'] = (bool) $choice['isSelected'];
         }
         if (isset($choice['price']) && !empty($choice['price'])) {
             $price_number = GFCommon::to_number($choice['price']);
             $choice['price'] = GFCommon::to_money($price_number);
         }
         if (isset($choice['text'])) {
             $choice['text'] = $this->maybe_wp_kses($choice['text']);
         }
         if (isset($choice['value'])) {
             // Strip scripts but don't encode
             $allowed_protocols = wp_allowed_protocols();
             $choice['value'] = wp_kses_no_null($choice['value'], array('slash_zero' => 'keep'));
             $choice['value'] = wp_kses_hook($choice['value'], 'post', $allowed_protocols);
             $choice['value'] = wp_kses_split($choice['value'], 'post', $allowed_protocols);
         }
     }
     return $choices;
 }
开发者ID:SayenkoDesign,项目名称:ividf,代码行数:36,代码来源:class-gf-field.php

示例8: test_allowed_protocols

 function test_allowed_protocols()
 {
     $allowed = array('skype', 'tel', 'mailto');
     foreach ($allowed as $protocol) {
         $this->assertContains($protocol, wp_allowed_protocols(), "{$protocol} should be also allowed protocol");
     }
 }
开发者ID:proteusthemes,项目名称:proteuswidgets,代码行数:7,代码来源:test-proteuswidgets.php

示例9: wp_kses_one_attr

/**
 * Filters one attribute only and ensures its value is allowed.
 *
 * This function has the advantage of being more secure than esc_attr() and can
 * escape data in some situations where wp_kses() must strip the whole attribute.
 *
 * @since 4.2.3
 *
 * @param string $string The 'whole' attribute, including name and value.
 * @param string $element The element name to which the attribute belongs.
 * @return string Filtered attribute.
 */
function wp_kses_one_attr($string, $element)
{
    $uris = array('xmlns', 'profile', 'href', 'src', 'cite', 'classid', 'codebase', 'data', 'usemap', 'longdesc', 'action');
    $allowed_html = wp_kses_allowed_html('post');
    $allowed_protocols = wp_allowed_protocols();
    $string = wp_kses_no_null($string, array('slash_zero' => 'keep'));
    $string = wp_kses_js_entities($string);
    // Preserve leading and trailing whitespace.
    $matches = array();
    preg_match('/^\\s*/', $string, $matches);
    $lead = $matches[0];
    preg_match('/\\s*$/', $string, $matches);
    $trail = $matches[0];
    if (empty($trail)) {
        $string = substr($string, strlen($lead));
    } else {
        $string = substr($string, strlen($lead), -strlen($trail));
    }
    // Parse attribute name and value from input.
    $split = preg_split('/\\s*=\\s*/', $string, 2);
    $name = $split[0];
    if (count($split) == 2) {
        $value = $split[1];
        // Remove quotes surrounding $value.
        // Also guarantee correct quoting in $string for this one attribute.
        if ('' == $value) {
            $quote = '';
        } else {
            $quote = $value[0];
        }
        if ('"' == $quote || "'" == $quote) {
            if (substr($value, -1) != $quote) {
                return '';
            }
            $value = substr($value, 1, -1);
        } else {
            $quote = '"';
        }
        // Sanitize quotes, angle braces, and entities.
        $value = esc_attr($value);
        // Sanitize URI values.
        if (in_array(strtolower($name), $uris)) {
            $value = wp_kses_bad_protocol($value, $allowed_protocols);
        }
        $string = "{$name}={$quote}{$value}{$quote}";
        $vless = 'n';
    } else {
        $value = '';
        $vless = 'y';
    }
    // Sanitize attribute by name.
    wp_kses_attr_check($name, $value, $string, $vless, $element, $allowed_html);
    // Restore whitespace.
    return $lead . $string . $trail;
}
开发者ID:zoran180,项目名称:wp_szf,代码行数:67,代码来源:kses.php

示例10: sanitize_entry_value

 /**
  * Override this method to implement the appropriate sanitization specific to the field type before the value is saved.
  *
  * This base method provides a generic sanitization similar to wp_kses but values are not encoded.
  * Scripts are stripped out leaving allowed tags if HTMl is allowed.
  *
  * @param string $value The field value to be processed.
  * @param int $form_id The ID of the form currently being processed.
  *
  * @return string
  */
 public function sanitize_entry_value($value, $form_id)
 {
     if (is_array($value)) {
         return '';
     }
     //allow HTML for certain field types
     $allow_html = $this->allow_html();
     $allowable_tags = gf_apply_filters(array('gform_allowable_tags', $form_id), $allow_html, $this, $form_id);
     if ($allowable_tags !== true) {
         $value = strip_tags($value, $allowable_tags);
     }
     $allowed_protocols = wp_allowed_protocols();
     $value = wp_kses_no_null($value, array('slash_zero' => 'keep'));
     $value = wp_kses_hook($value, 'post', $allowed_protocols);
     $value = wp_kses_split($value, 'post', $allowed_protocols);
     return $value;
 }
开发者ID:timk85,项目名称:DIT,代码行数:28,代码来源:class-gf-field.php

示例11: test_data_is_not_an_allowed_protocol

 /**
  * @ticket 19354
  */
 function test_data_is_not_an_allowed_protocol()
 {
     $this->assertNotContains('data', wp_allowed_protocols());
 }
开发者ID:jaspermdegroot,项目名称:develop.wordpress,代码行数:7,代码来源:functions.php

示例12: sanitize_entry_value

 /**
  * Override this method to implement the appropriate sanitization specific to the field type before the value is saved.
  *
  * This base method provides a generic sanitization similar to wp_kses but values are not encoded.
  * Scripts are stripped out leaving tags allowed by the gform_allowable_tags filter.
  *
  * @param string $value The field value to be processed.
  * @param int $form_id The ID of the form currently being processed.
  *
  * @return string
  */
 public function sanitize_entry_value($value, $form_id)
 {
     if (is_array($value)) {
         return '';
     }
     /**
      * Provisional filter - may be subject to change or removal.
      *
      * @param bool
      * @param int $form_id
      * @para GF_Field $this
      */
     $sanitize = apply_filters('gform_sanitize_entry_value', true, $form_id, $this);
     if (!$sanitize) {
         return $value;
     }
     //allow HTML for certain field types
     $allow_html = $this->allow_html();
     $allowable_tags = gf_apply_filters(array('gform_allowable_tags', $form_id), $allow_html, $this, $form_id);
     if ($allowable_tags !== true) {
         $value = strip_tags($value, $allowable_tags);
     }
     $allowed_protocols = wp_allowed_protocols();
     $value = wp_kses_no_null($value, array('slash_zero' => 'keep'));
     $value = wp_kses_hook($value, 'post', $allowed_protocols);
     $value = wp_kses_split($value, 'post', $allowed_protocols);
     return $value;
 }
开发者ID:Friends-School-Atlanta,项目名称:Deployable-WordPress,代码行数:39,代码来源:class-gf-field.php

示例13: ipin_edit_user

function ipin_edit_user($user_id = 0)
{
    global $wp_roles, $wpdb;
    $user = new stdClass();
    if ($user_id) {
        $update = true;
        $user->ID = (int) $user_id;
        $userdata = get_userdata($user_id);
        $user->user_login = wp_slash($userdata->user_login);
    } else {
        $update = false;
    }
    if (!$update && isset($_POST['user_login'])) {
        $user->user_login = sanitize_user($_POST['user_login'], true);
    }
    $pass1 = $pass2 = '';
    if (isset($_POST['pass1'])) {
        $pass1 = $_POST['pass1'];
    }
    if (isset($_POST['pass2'])) {
        $pass2 = $_POST['pass2'];
    }
    if (isset($_POST['role']) && current_user_can('edit_users')) {
        $new_role = sanitize_text_field($_POST['role']);
        $potential_role = isset($wp_roles->role_objects[$new_role]) ? $wp_roles->role_objects[$new_role] : false;
        // Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
        // Multisite super admins can freely edit their blog roles -- they possess all caps.
        if (is_multisite() && current_user_can('manage_sites') || $user_id != get_current_user_id() || $potential_role && $potential_role->has_cap('edit_users')) {
            $user->role = $new_role;
        }
        // If the new role isn't editable by the logged-in user die with error
        $editable_roles = get_editable_roles();
        if (!empty($new_role) && empty($editable_roles[$new_role])) {
            wp_die(__('You can&#8217;t give users that role.', 'ipin'));
        }
    }
    //edited: store the original email
    $original_user_email = $userdata->user_email;
    if (isset($_POST['email'])) {
        $user->user_email = sanitize_text_field($_POST['email']);
    }
    if (isset($_POST['url'])) {
        if (empty($_POST['url']) || $_POST['url'] == 'http://') {
            $user->user_url = '';
        } else {
            $user->user_url = esc_url_raw($_POST['url']);
            $protocols = implode('|', array_map('preg_quote', wp_allowed_protocols()));
            $user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://' . $user->user_url;
        }
    }
    if (isset($_POST['first_name'])) {
        $user->first_name = sanitize_text_field($_POST['first_name']);
    }
    if (isset($_POST['last_name'])) {
        $user->last_name = sanitize_text_field($_POST['last_name']);
    }
    if (isset($_POST['nickname'])) {
        $user->nickname = sanitize_text_field($_POST['nickname']);
    }
    if (isset($_POST['display_name'])) {
        $user->display_name = sanitize_text_field($_POST['display_name']);
    }
    if (isset($_POST['description'])) {
        $user->description = trim($_POST['description']);
    }
    foreach (wp_get_user_contact_methods($user) as $method => $name) {
        if (isset($_POST[$method])) {
            $user->{$method} = sanitize_text_field($_POST[$method]);
        }
    }
    if ($update) {
        $user->rich_editing = isset($_POST['rich_editing']) && 'false' == $_POST['rich_editing'] ? 'false' : 'true';
        $user->admin_color = isset($_POST['admin_color']) ? sanitize_text_field($_POST['admin_color']) : 'fresh';
        $user->show_admin_bar_front = isset($_POST['admin_bar_front']) ? 'true' : 'false';
    }
    $user->comment_shortcuts = isset($_POST['comment_shortcuts']) && 'true' == $_POST['comment_shortcuts'] ? 'true' : '';
    $user->use_ssl = 0;
    if (!empty($_POST['use_ssl'])) {
        $user->use_ssl = 1;
    }
    $errors = new WP_Error();
    /* checking that username has been typed */
    if ($user->user_login == '') {
        $errors->add('user_login', __('<strong>ERROR</strong>: Please enter a username.', 'ipin'));
    }
    /* checking the password has been typed twice */
    do_action_ref_array('check_passwords', array($user->user_login, &$pass1, &$pass2));
    if ($update) {
        if (empty($pass1) && !empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.', 'ipin'), array('form-field' => 'pass1'));
        } elseif (!empty($pass1) && empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.', 'ipin'), array('form-field' => 'pass2'));
        }
        //edited: added to check password length
        if (!empty($pass1) && !empty($pass2)) {
            if (strlen($pass1) < 6) {
                $errors->add('password_too_short', "<strong>ERROR</strong>: Passwords must be at least 6 characters long", 'ipin');
            }
        }
    } else {
//.........这里部分代码省略.........
开发者ID:evinw,项目名称:project_modelv,代码行数:101,代码来源:page_cp_settings.php

示例14: escapeKSESFilter

 /**
  * Escapes the given string for the KSES filter with the criteria of allowing/disallowing tags and the protocol.
  * 
  * @remark           Attributes are not supported at this moment.
  * @param            array            $aAllowedTags                e.g. array( 'noscript', 'style', )
  * @param            array            $aDisallowedTags            e.g. array( 'table', 'tbody', 'thoot', 'thead', 'th', 'tr' )
  * @since            2.0.0
  */
 public static function escapeKSESFilter($sString, $aAllowedTags = array(), $aDisallowedTags = array(), $aAllowedProtocols = array())
 {
     foreach ($aAllowedTags as $sTag) {
         $aFormatAllowedTags[$sTag] = array();
         // activate the inline style attribute.
     }
     $aAllowedHTMLTags = AmazonAutoLinks_Utility::uniteArrays($aFormatAllowedTags, $GLOBALS['allowedposttags']);
     // the first parameter takes over the second.
     foreach ($aDisallowedTags as $sTag) {
         if (isset($aAllowedHTMLTags[$sTag])) {
             unset($aAllowedHTMLTags[$sTag]);
         }
     }
     if (empty($aAllowedProtocols)) {
         $aAllowedProtocols = wp_allowed_protocols();
     }
     $sString = addslashes($sString);
     // the original function call was doing this - could be redundant but haven't fully tested it
     $sString = stripslashes($sString);
     // wp_filter_post_kses()
     $sString = wp_kses_no_null($sString);
     // wp_kses()
     $sString = wp_kses_js_entities($sString);
     // wp_kses()
     $sString = wp_kses_normalize_entities($sString);
     // wp_kses()
     $sString = wp_kses_hook($sString, $aAllowedHTMLTags, $aAllowedProtocols);
     // WP changed the order of these funcs and added args to wp_kses_hook
     $sString = wp_kses_split($sString, $aAllowedHTMLTags, $aAllowedProtocols);
     $sString = addslashes($sString);
     // wp_filter_post_kses()
     $sString = stripslashes($sString);
     // the original function call was doing this - could be redundant but haven't fully tested it
     return $sString;
 }
开发者ID:ashik968,项目名称:digiplot,代码行数:43,代码来源:AmazonAutoLinks_WPUtility.php

示例15: wp_user_profiles_edit_user

/**
 * Edit user settings based on contents of $_POST
 *
 * Largely based on the edit_user() function, this function only throws errors
 * when the user has posted invalid data, vs. when the mock user object does not
 * contain it.
 *
 * @since 0.1.0
 *
 * @param int $user_id Optional. User ID.
 * @return int|WP_Error user id of the updated user
 */
function wp_user_profiles_edit_user($user_id = 0)
{
    // Bail if no user ID
    if (empty($user_id)) {
        return;
    }
    // Setup the user being saved
    $user = new stdClass();
    $user->ID = (int) $user_id;
    $userdata = get_userdata($user_id);
    // Setup the user login
    if (isset($_POST['user_login'])) {
        $user->user_login = sanitize_user($_POST['user_login'], true);
    } else {
        $user->user_login = wp_slash($userdata->user_login);
    }
    // Password changes
    $pass1 = isset($_POST['pass1']) ? $_POST['pass1'] : '';
    $pass2 = isset($_POST['pass2']) ? $_POST['pass2'] : '';
    // Role changes
    if (isset($_POST['role']) && current_user_can('edit_users')) {
        // New roles
        $new_roles = $_POST['role'];
        // Loop through new roles
        foreach ($new_roles as $blog_id => $new_role) {
            // Switch to the blog
            switch_to_blog($blog_id);
            // If the new role isn't editable by the logged-in user die with error
            $editable_roles = get_editable_roles();
            if (!empty($new_role) && !empty($editable_roles[$new_role])) {
                $update_role = get_userdata($user_id);
                $update_role->set_role($new_role);
            }
            // Switch back
            restore_current_blog();
        }
    }
    // Email
    if (isset($_POST['email'])) {
        $user->user_email = sanitize_text_field(wp_unslash($_POST['email']));
    }
    // Website
    if (isset($_POST['url'])) {
        if (empty($_POST['url']) || $_POST['url'] == 'http://') {
            $user->user_url = '';
        } else {
            $user->user_url = esc_url_raw($_POST['url']);
            $protocols = implode('|', array_map('preg_quote', wp_allowed_protocols()));
            $user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://' . $user->user_url;
        }
    }
    // First
    if (isset($_POST['first_name'])) {
        $user->first_name = sanitize_text_field($_POST['first_name']);
    }
    // Last
    if (isset($_POST['last_name'])) {
        $user->last_name = sanitize_text_field($_POST['last_name']);
    }
    // Nick
    if (isset($_POST['nickname'])) {
        $user->nickname = sanitize_text_field($_POST['nickname']);
    }
    // Display
    if (isset($_POST['display_name'])) {
        $user->display_name = sanitize_text_field($_POST['display_name']);
    }
    // Description
    if (isset($_POST['description'])) {
        $user->description = trim($_POST['description']);
    }
    // Contact methods
    foreach (wp_get_user_contact_methods($user) as $method => $name) {
        if (isset($_POST[$method])) {
            $user->{$method} = sanitize_text_field($_POST[$method]);
        }
    }
    // Options
    $user->rich_editing = isset($_POST['rich_editing']) && 'false' === $_POST['rich_editing'] ? 'false' : 'true';
    $user->admin_color = isset($_POST['admin_color']) ? sanitize_text_field($_POST['admin_color']) : 'fresh';
    $user->show_admin_bar_front = isset($_POST['admin_bar_front']) ? 'true' : 'false';
    $user->comment_shortcuts = isset($_POST['comment_shortcuts']) && 'true' === $_POST['comment_shortcuts'] ? 'true' : '';
    $user->use_ssl = 0;
    if (!empty($_POST['use_ssl'])) {
        $user->use_ssl = 1;
    }
    // Error checking
    $errors = new WP_Error();
//.........这里部分代码省略.........
开发者ID:bradyvercher,项目名称:wp-user-profiles,代码行数:101,代码来源:functions.php


注:本文中的wp_allowed_protocols函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。