當前位置: 首頁>>代碼示例>>PHP>>正文


PHP wp_kses_bad_protocol函數代碼示例

本文整理匯總了PHP中wp_kses_bad_protocol函數的典型用法代碼示例。如果您正苦於以下問題:PHP wp_kses_bad_protocol函數的具體用法?PHP wp_kses_bad_protocol怎麽用?PHP wp_kses_bad_protocol使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。


在下文中一共展示了wp_kses_bad_protocol函數的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的PHP代碼示例。

示例1: esc_url

 function esc_url($url, $protocols = null, $_context = 'display')
 {
     $original_url = $url;
     if ('' == $url) {
         return $url;
     }
     $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\\|*\'()\\x80-\\xff]|i', '', $url);
     $strip = array('%0d', '%0a', '%0D', '%0A');
     $url = _deep_replace($strip, $url);
     $url = str_replace(';//', '://', $url);
     if (strpos($url, ':') === false && substr($url, 0, 1) != '/' && substr($url, 0, 1) != '#' && !preg_match('/^[a-z0-9-]+?\\.php/i', $url)) {
         $url = 'http://' . $url;
     }
     if ('display' == $_context) {
         $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
         $url = str_replace("'", ''', $url);
     }
     if (!is_array($protocols)) {
         $protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn');
     }
     if (wp_kses_bad_protocol($url, $protocols) != $url) {
         return '';
     }
     return apply_filters('clean_url', $url, $original_url, $_context);
 }
開發者ID:simplon-emmanuelD,項目名稱:Simplon-INESS,代碼行數:25,代碼來源:legacy.php

示例2: nextgen_esc_url

 function nextgen_esc_url($url, $protocols = null, $_context = 'display')
 {
     $original_url = $url;
     if ('' == $url) {
         return $url;
     }
     $url = preg_replace('|[^a-z0-9 \\-~+_.?#=!&;,/:%@$\\|*\'()\\x80-\\xff]|i', '', $url);
     $strip = array('%0d', '%0a', '%0D', '%0A');
     $url = _deep_replace($strip, $url);
     $url = str_replace(';//', '://', $url);
     /* If the URL doesn't appear to contain a scheme, we
      * presume it needs http:// appended (unless a relative
      * link starting with /, # or ? or a php file).
      */
     if (strpos($url, ':') === false && !in_array($url[0], array('/', '#', '?')) && !preg_match('/^[a-z0-9-]+?\\.php/i', $url)) {
         $url = 'http://' . $url;
     }
     // Replace ampersands and single quotes only when displaying.
     if ('display' == $_context) {
         $url = wp_kses_normalize_entities($url);
         $url = str_replace('&', '&', $url);
         $url = str_replace("'", ''', $url);
         $url = str_replace('%', '%25', $url);
         $url = str_replace(' ', '%20', $url);
     }
     if ('/' === $url[0]) {
         $good_protocol_url = $url;
     } else {
         if (!is_array($protocols)) {
             $protocols = wp_allowed_protocols();
         }
         $good_protocol_url = wp_kses_bad_protocol($url, $protocols);
         if (strtolower($good_protocol_url) != strtolower($url)) {
             return '';
         }
     }
     return apply_filters('clean_url', $good_protocol_url, $original_url, $_context);
 }
開發者ID:patrickmetzger,項目名稱:adthrive-touch,代碼行數:38,代碼來源:nggallery.php

示例3: request

 /**
  * Send an HTTP request to a URI.
  *
  * Please note: The only URI that are supported in the HTTP Transport implementation
  * are the HTTP and HTTPS protocols.
  *
  * @access public
  * @since 2.7.0
  *
  * @param string       $url  The request URL.
  * @param string|array $args {
  *     Optional. Array or string of HTTP request arguments.
  *
  *     @type string       $method              Request method. Accepts 'GET', 'POST', 'HEAD', or 'PUT'.
  *                                             Some transports technically allow others, but should not be
  *                                             assumed. Default 'GET'.
  *     @type int          $timeout             How long the connection should stay open in seconds. Default 5.
  *     @type int          $redirection         Number of allowed redirects. Not supported by all transports
  *                                             Default 5.
  *     @type string       $httpversion         Version of the HTTP protocol to use. Accepts '1.0' and '1.1'.
  *                                             Default '1.0'.
  *     @type string       $user-agent          User-agent value sent.
  *                                             Default WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ).
  *     @type bool         $reject_unsafe_urls  Whether to pass URLs through wp_http_validate_url().
  *                                             Default false.
  *     @type bool         $blocking            Whether the calling code requires the result of the request.
  *                                             If set to false, the request will be sent to the remote server,
  *                                             and processing returned to the calling code immediately, the caller
  *                                             will know if the request succeeded or failed, but will not receive
  *                                             any response from the remote server. Default true.
  *     @type string|array $headers             Array or string of headers to send with the request.
  *                                             Default empty array.
  *     @type array        $cookies             List of cookies to send with the request. Default empty array.
  *     @type string|array $body                Body to send with the request. Default null.
  *     @type bool         $compress            Whether to compress the $body when sending the request.
  *                                             Default false.
  *     @type bool         $decompress          Whether to decompress a compressed response. If set to false and
  *                                             compressed content is returned in the response anyway, it will
  *                                             need to be separately decompressed. Default true.
  *     @type bool         $sslverify           Whether to verify SSL for the request. Default true.
  *     @type string       sslcertificates      Absolute path to an SSL certificate .crt file.
  *                                             Default ABSPATH . WPINC . '/certificates/ca-bundle.crt'.
  *     @type bool         $stream              Whether to stream to a file. If set to true and no filename was
  *                                             given, it will be droped it in the WP temp dir and its name will
  *                                             be set using the basename of the URL. Default false.
  *     @type string       $filename            Filename of the file to write to when streaming. $stream must be
  *                                             set to true. Default null.
  *     @type int          $limit_response_size Size in bytes to limit the response to. Default null.
  *
  * }
  * @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'.
  *                        A WP_Error instance upon error.
  */
 public function request($url, $args = array())
 {
     $defaults = array('method' => 'GET', 'timeout' => apply_filters('http_request_timeout', 5), 'redirection' => apply_filters('http_request_redirection_count', 5), 'httpversion' => apply_filters('http_request_version', '1.0'), 'user-agent' => apply_filters('http_headers_useragent', 'WordPress/' . get_bloginfo('version') . '; ' . get_bloginfo('url')), 'reject_unsafe_urls' => apply_filters('http_request_reject_unsafe_urls', false), 'blocking' => true, 'headers' => array(), 'cookies' => array(), 'body' => null, 'compress' => false, 'decompress' => true, 'sslverify' => true, 'sslcertificates' => ABSPATH . WPINC . '/certificates/ca-bundle.crt', 'stream' => false, 'filename' => null, 'limit_response_size' => null);
     // Pre-parse for the HEAD checks.
     $args = wp_parse_args($args);
     // By default, Head requests do not cause redirections.
     if (isset($args['method']) && 'HEAD' == $args['method']) {
         $defaults['redirection'] = 0;
     }
     $r = wp_parse_args($args, $defaults);
     /**
      * Filters the arguments used in an HTTP request.
      *
      * @since 2.7.0
      *
      * @param array  $r   An array of HTTP request arguments.
      * @param string $url The request URL.
      */
     $r = apply_filters('http_request_args', $r, $url);
     // The transports decrement this, store a copy of the original value for loop purposes.
     if (!isset($r['_redirection'])) {
         $r['_redirection'] = $r['redirection'];
     }
     /**
      * Filters whether to preempt an HTTP request's return value.
      *
      * Returning a non-false value from the filter will short-circuit the HTTP request and return
      * early with that value. A filter should return either:
      *
      *  - An array containing 'headers', 'body', 'response', 'cookies', and 'filename' elements
      *  - A WP_Error instance
      *  - boolean false (to avoid short-circuiting the response)
      *
      * Returning any other value may result in unexpected behaviour.
      *
      * @since 2.9.0
      *
      * @param false|array|WP_Error $preempt Whether to preempt an HTTP request's return value. Default false.
      * @param array               $r        HTTP request arguments.
      * @param string              $url      The request URL.
      */
     $pre = apply_filters('pre_http_request', false, $r, $url);
     if (false !== $pre) {
         return $pre;
     }
     if (function_exists('wp_kses_bad_protocol')) {
         if ($r['reject_unsafe_urls']) {
//.........這裏部分代碼省略.........
開發者ID:aaemnnosttv,項目名稱:develop.git.wordpress.org,代碼行數:101,代碼來源:class-http.php

示例4: wp_http_validate_url

/**
 * Validate a URL for safe use in the HTTP API.
 *
 * @since 3.5.2
 *
 * @return mixed URL or false on failure.
 */
function wp_http_validate_url($url)
{
    $original_url = $url;
    $url = wp_kses_bad_protocol($url, array('http', 'https'));
    if (!$url || strtolower($url) !== strtolower($original_url)) {
        return false;
    }
    $parsed_url = @parse_url($url);
    if (!$parsed_url || empty($parsed_url['host'])) {
        return false;
    }
    if (isset($parsed_url['user']) || isset($parsed_url['pass'])) {
        return false;
    }
    if (false !== strpbrk($parsed_url['host'], ':#?[]')) {
        return false;
    }
    $parsed_home = @parse_url(get_option('home'));
    $same_host = strtolower($parsed_home['host']) === strtolower($parsed_url['host']);
    if (!$same_host) {
        $host = trim($parsed_url['host'], '.');
        if (preg_match('#^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$#', $host)) {
            $ip = $host;
        } else {
            $ip = gethostbyname($host);
            if ($ip === $host) {
                // Error condition for gethostbyname()
                $ip = false;
            }
        }
        if ($ip) {
            $parts = array_map('intval', explode('.', $ip));
            if (127 === $parts[0] || 10 === $parts[0] || 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] || 192 === $parts[0] && 168 === $parts[1]) {
                // If host appears local, reject unless specifically allowed.
                /**
                 * Check if HTTP request is external or not.
                 *
                 * Allows to change and allow external requests for the HTTP request.
                 *
                 * @since 3.6.0
                 *
                 * @param bool false Whether HTTP request is external or not.
                 * @param string $host IP of the requested host.
                 * @param string $url URL of the requested host.
                 */
                if (!apply_filters('http_request_host_is_external', false, $host, $url)) {
                    return false;
                }
            }
        }
    }
    if (empty($parsed_url['port'])) {
        return $url;
    }
    $port = $parsed_url['port'];
    if (80 === $port || 443 === $port || 8080 === $port) {
        return $url;
    }
    if ($parsed_home && $same_host && $parsed_home['port'] === $port) {
        return $url;
    }
    return false;
}
開發者ID:novichkovv,項目名稱:candoweightloss,代碼行數:70,代碼來源:http.php

示例5: test_wp_kses_bad_protocol

 function test_wp_kses_bad_protocol()
 {
     $bad = array('dummy:alert(1)', 'javascript:alert(1)', 'JaVaScRiPt:alert(1)', 'javascript:alert(1);', 'javascript&#58;alert(1);', 'javascript&#0058;alert(1);', 'javascript&#0000058alert(1);', 'javascript&#x3A;alert(1);', 'javascript&#X3A;alert(1);', 'javascript&#X3a;alert(1);', 'javascript&#x3a;alert(1);', 'javascript&#x003a;alert(1);', '&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29', 'jav	ascript:alert(1);', 'jav&#x09;ascript:alert(1);', 'jav&#x0A;ascript:alert(1);', 'jav&#x0D;ascript:alert(1);', ' &#14;  javascript:alert(1);', 'javascript:javascript:alert(1);', 'javascript&#58;javascript:alert(1);', 'javascript&#0000058javascript:alert(1);', 'javascript:javascript&#58;alert(1);', 'javascript:javascript&#0000058alert(1);', 'javascript&#0000058alert(1)//?:', 'feed:javascript:alert(1)', 'feed:javascript:feed:javascript:feed:javascript:alert(1)');
     foreach ($bad as $k => $x) {
         $result = wp_kses_bad_protocol(wp_kses_normalize_entities($x), wp_allowed_protocols());
         if (!empty($result) && $result != 'alert(1);' && $result != 'alert(1)') {
             switch ($k) {
                 case 6:
                     $this->assertEquals('javascript&amp;#0000058alert(1);', $result);
                     break;
                 case 12:
                     $this->assertEquals(str_replace('&', '&amp;', $x), $result);
                     break;
                 case 22:
                     $this->assertEquals('javascript&amp;#0000058alert(1);', $result);
                     break;
                 case 23:
                     $this->assertEquals('javascript&amp;#0000058alert(1)//?:', $result);
                     break;
                 case 24:
                     $this->assertEquals('feed:alert(1)', $result);
                     break;
                 default:
                     $this->fail("wp_kses_bad_protocol failed on {$x}. Result: {$result}");
             }
         }
     }
     $safe = array('dummy:alert(1)', 'HTTP://example.org/', 'http://example.org/', 'http&#58;//example.org/', 'http&#x3A;//example.org/', 'https://example.org', 'http://example.org/wp-admin/post.php?post=2&amp;action=edit', 'http://example.org/index.php?test=&#039;blah&#039;');
     foreach ($safe as $x) {
         $result = wp_kses_bad_protocol(wp_kses_normalize_entities($x), array('http', 'https', 'dummy'));
         if ($result != $x && $result != 'http://example.org/') {
             $this->fail("wp_kses_bad_protocol incorrectly blocked {$x}");
         }
     }
 }
開發者ID:plis197715,項目名稱:wordpress-develop,代碼行數:35,代碼來源:kses.php

示例6: esc_url

/**
 * Checks and cleans a URL.
 *
 * A number of characters are removed from the URL. If the URL is for displaying
 * (the default behaviour) ampersands are also replaced. The 'clean_url' filter
 * is applied to the returned cleaned URL.
 *
 * @since 2.8.0
 * @uses wp_kses_bad_protocol() To only permit protocols in the URL set
 *		via $protocols or the common ones set in the function.
 *
 * @param string $url The URL to be cleaned.
 * @param array $protocols Optional. An array of acceptable protocols.
 *		Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn' if not set.
 * @param string $_context Private. Use esc_url_raw() for database usage.
 * @return string The cleaned $url after the 'clean_url' filter is applied.
 */
function esc_url( $url, $protocols = null, $_context = 'display' ) {
	$original_url = $url;

	if ( '' == $url )
		return $url;
	$url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
	$strip = array('%0d', '%0a', '%0D', '%0A');
	$url = _deep_replace($strip, $url);
	$url = str_replace(';//', '://', $url);
	/* If the URL doesn't appear to contain a scheme, we
	 * presume it needs http:// appended (unless a relative
	 * link starting with /, # or ? or a php file).
	 */
	if ( strpos($url, ':') === false && ! in_array( $url[0], array( '/', '#', '?' ) ) &&
		! preg_match('/^[a-z0-9-]+?\.php/i', $url) )
		$url = 'http://' . $url;

	// Replace ampersands and single quotes only when displaying.
	if ( 'display' == $_context ) {
		$url = wp_kses_normalize_entities( $url );
		$url = str_replace( '&amp;', '&#038;', $url );
		$url = str_replace( "'", '&#039;', $url );
	}

	if ( '/' === $url[0] ) {
		$good_protocol_url = $url;
	} else {
		if ( ! is_array( $protocols ) )
			$protocols = wp_allowed_protocols();
		$good_protocol_url = wp_kses_bad_protocol( $url, $protocols );
		if ( strtolower( $good_protocol_url ) != strtolower( $url ) )
			return '';
	}

	/**
	 * Filter a string cleaned and escaped for output as a URL.
	 *
	 * @since 2.3.0
	 *
	 * @param string $good_protocol_url The cleaned URL to be returned.
	 * @param string $original_url      The URL prior to cleaning.
	 * @param string $_context          If 'display', replace ampersands and single quotes only.
	 */
	return apply_filters( 'clean_url', $good_protocol_url, $original_url, $_context );
}
開發者ID:staylor,項目名稱:develop.svn.wordpress.org,代碼行數:62,代碼來源:formatting.php

示例7: request


//.........這裏部分代碼省略.........
      *
      * @since 2.7.0
      *
      * @param array  $r   An array of HTTP request arguments.
      * @param string $url The request URL.
      */
     $r = apply_filters('http_request_args', $r, $url);
     // The transports decrement this, store a copy of the original value for loop purposes.
     if (!isset($r['_redirection'])) {
         $r['_redirection'] = $r['redirection'];
     }
     /**
      * Filter whether to preempt an HTTP request's return value.
      *
      * Returning a non-false value from the filter will short-circuit the HTTP request and return
      * early with that value. A filter should return either:
      *
      *  - An array containing 'headers', 'body', 'response', 'cookies', and 'filename' elements
      *  - A WP_Error instance
      *  - boolean false (to avoid short-circuiting the response)
      *
      * Returning any other value may result in unexpected behaviour.
      *
      * @since 2.9.0
      *
      * @param false|array|WP_Error $preempt Whether to preempt an HTTP request's return value. Default false.
      * @param array               $r        HTTP request arguments.
      * @param string              $url      The request URL.
      */
     $pre = apply_filters('pre_http_request', false, $r, $url);
     if (false !== $pre) {
         return $pre;
     }
     if (function_exists('wp_kses_bad_protocol')) {
         if ($r['reject_unsafe_urls']) {
             $url = wp_http_validate_url($url);
         }
         if ($url) {
             $url = wp_kses_bad_protocol($url, array('http', 'https', 'ssl'));
         }
     }
     $arrURL = @parse_url($url);
     if (empty($url) || empty($arrURL['scheme'])) {
         return new WP_Error('http_request_failed', __('A valid URL was not provided.'));
     }
     if ($this->block_request($url)) {
         return new WP_Error('http_request_failed', __('User has blocked requests through HTTP.'));
     }
     /*
      * Determine if this is a https call and pass that on to the transport functions
      * so that we can blacklist the transports that do not support ssl verification
      */
     $r['ssl'] = $arrURL['scheme'] == 'https' || $arrURL['scheme'] == 'ssl';
     // Determine if this request is to OUR install of WordPress.
     $homeURL = parse_url(get_bloginfo('url'));
     $r['local'] = 'localhost' == $arrURL['host'] || isset($homeURL['host']) && $homeURL['host'] == $arrURL['host'];
     unset($homeURL);
     /*
      * If we are streaming to a file but no filename was given drop it in the WP temp dir
      * and pick its name using the basename of the $url.
      */
     if ($r['stream'] && empty($r['filename'])) {
         $r['filename'] = get_temp_dir() . wp_unique_filename(get_temp_dir(), basename($url));
     }
     /*
      * Force some settings if we are streaming to a file and check for existence and perms
開發者ID:mondi-webdigital,項目名稱:prueba-wordpress,代碼行數:67,代碼來源:class-http.php

示例8: clean_url

function clean_url( $url, $protocols = null ) {
	if ('' == $url) return $url;
	$url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%]|i', '', $url);
	$strip = array('%0d', '%0a');
	$url = str_replace($strip, '', $url);
	$url = str_replace(';//', '://', $url);
	// Append http unless a relative link starting with / or a php file.
	if ( strpos($url, '://') === false &&
		substr( $url, 0, 1 ) != '/' && !preg_match('/^[a-z0-9]+?\.php/i', $url) )
		$url = 'http://' . $url;
	
	$url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&#038;$1', $url);
	if ( !is_array($protocols) )
		$protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet'); 
	if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
		return '';
	return $url;
}
開發者ID:staylor,項目名稱:develop.svn.wordpress.org,代碼行數:18,代碼來源:functions-formatting.php

示例9: clean_url

function clean_url($url, $protocols = null, $context = 'display')
{
    $original_url = $url;
    if ('' == $url) {
        return $url;
    }
    $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@()]|i', '', $url);
    $strip = array('%0d', '%0a');
    $url = str_replace($strip, '', $url);
    $url = str_replace(';//', '://', $url);
    /* If the URL doesn't appear to contain a scheme, we
     * presume it needs http:// appended (unless a relative
     * link starting with / or a php file).
     */
    if (strpos($url, ':') === false && substr($url, 0, 1) != '/' && !preg_match('/^[a-z0-9-]+?\\.php/i', $url)) {
        $url = 'http://' . $url;
    }
    // Replace ampersands ony when displaying.
    if ('display' == $context) {
        $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&#038;$1', $url);
    }
    if (!is_array($protocols)) {
        $protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet');
    }
    if (wp_kses_bad_protocol($url, $protocols) != $url) {
        return '';
    }
    return apply_filters('clean_url', $url, $original_url, $context);
}
開發者ID:staylor,項目名稱:develop.svn.wordpress.org,代碼行數:29,代碼來源:formatting.php

示例10: wp_kses_hair

/**
 * wp_kses_hair() - Builds an attribute list from string containing attributes.
 *
 * This function does a lot of work. It parses an attribute list into an array
 * with attribute data, and tries to do the right thing even if it gets weird
 * input. It will add quotes around attribute values that don't have any quotes
 * or apostrophes around them, to make it easier to produce HTML code that will
 * conform to W3C's HTML specification. It will also remove bad URL protocols
 * from attribute values.  It also reduces duplicate attributes by using the
 * attribute defined first (foo='bar' foo='baz' will result in foo='bar').
 *
 * @since 1.0.0
 *
 * @param string $attr Attribute list from HTML element to closing HTML element tag
 * @param array $allowed_protocols Allowed protocols to keep
 * @return array List of attributes after parsing
 */
function wp_kses_hair($attr, $allowed_protocols)
{
    $attrarr = array();
    $mode = 0;
    $attrname = '';
    # Loop through the whole attribute list
    while (strlen($attr) != 0) {
        $working = 0;
        # Was the last operation successful?
        switch ($mode) {
            case 0:
                # attribute name, href for instance
                if (preg_match('/^([-a-zA-Z]+)/', $attr, $match)) {
                    $attrname = $match[1];
                    $working = $mode = 1;
                    $attr = preg_replace('/^[-a-zA-Z]+/', '', $attr);
                }
                break;
            case 1:
                # equals sign or valueless ("selected")
                if (preg_match('/^\\s*=\\s*/', $attr)) {
                    $working = 1;
                    $mode = 2;
                    $attr = preg_replace('/^\\s*=\\s*/', '', $attr);
                    break;
                }
                if (preg_match('/^\\s+/', $attr)) {
                    $working = 1;
                    $mode = 0;
                    if (FALSE === array_key_exists($attrname, $attrarr)) {
                        $attrarr[$attrname] = array('name' => $attrname, 'value' => '', 'whole' => $attrname, 'vless' => 'y');
                    }
                    $attr = preg_replace('/^\\s+/', '', $attr);
                }
                break;
            case 2:
                # attribute value, a URL after href= for instance
                if (preg_match('/^"([^"]*)"(\\s+|$)/', $attr, $match)) {
                    $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols);
                    if (FALSE === array_key_exists($attrname, $attrarr)) {
                        $attrarr[$attrname] = array('name' => $attrname, 'value' => $thisval, 'whole' => "{$attrname}=\"{$thisval}\"", 'vless' => 'n');
                    }
                    $working = 1;
                    $mode = 0;
                    $attr = preg_replace('/^"[^"]*"(\\s+|$)/', '', $attr);
                    break;
                }
                if (preg_match("/^'([^']*)'(\\s+|\$)/", $attr, $match)) {
                    $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols);
                    if (FALSE === array_key_exists($attrname, $attrarr)) {
                        $attrarr[$attrname] = array('name' => $attrname, 'value' => $thisval, 'whole' => "{$attrname}='{$thisval}'", 'vless' => 'n');
                    }
                    $working = 1;
                    $mode = 0;
                    $attr = preg_replace("/^'[^']*'(\\s+|\$)/", '', $attr);
                    break;
                }
                if (preg_match("%^([^\\s\"']+)(\\s+|\$)%", $attr, $match)) {
                    $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols);
                    if (FALSE === array_key_exists($attrname, $attrarr)) {
                        $attrarr[$attrname] = array('name' => $attrname, 'value' => $thisval, 'whole' => "{$attrname}=\"{$thisval}\"", 'vless' => 'n');
                    }
                    # We add quotes to conform to W3C's HTML spec.
                    $working = 1;
                    $mode = 0;
                    $attr = preg_replace("%^[^\\s\"']+(\\s+|\$)%", '', $attr);
                }
                break;
        }
        # switch
        if ($working == 0) {
            $attr = wp_kses_html_error($attr);
            $mode = 0;
        }
    }
    # while
    if ($mode == 1 && FALSE === array_key_exists($attrname, $attrarr)) {
        # special case, for when the attribute list ends with a valueless
        # attribute like "selected"
        $attrarr[$attrname] = array('name' => $attrname, 'value' => '', 'whole' => $attrname, 'vless' => 'y');
    }
    return $attrarr;
}
開發者ID:staylor,項目名稱:develop.svn.wordpress.org,代碼行數:100,代碼來源:kses.php

示例11: esc_url

 /**
  * Checks and cleans a URL. This function is from WordPress.
  *
  * A number of characters are removed from the URL. If the URL is for displaying
  * (the default behaviour) ampersands are also replaced. The 'clean_url' filter
  * is applied to the returned cleaned URL.
  *
  * @since 2.8.0
  * @uses wp_kses_bad_protocol() To only permit protocols in the URL set
  *		via $protocols or the common ones set in the function.
  *
  * @param string $url The URL to be cleaned.
  * @param array $protocols Optional. An array of acceptable protocols.
  *		Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn' if not set.
  * @param string $_context Private. Use esc_url_raw() for database usage.
  * @return string The cleaned $url after the 'clean_url' filter is applied.
  */
 public function esc_url($url, $protocols = null, $_context = 'display')
 {
     $original_url = $url;
     $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\\|*\'()\\x80-\\xff]|i', '', $url);
     $strip = array('%0d', '%0a', '%0D', '%0A');
     $url = _deep_replace($strip, $url);
     $url = str_replace(';//', '://', $url);
     // Replace ampersands and single quotes only when displaying.
     if ('display' == $_context) {
         $url = wp_kses_normalize_entities($url);
         $url = str_replace('&amp;', '&#038;', $url);
         $url = str_replace('\'', '&#039;', $url);
     }
     if (!empty($url[0]) && '/' === $url[0]) {
         $good_protocol_url = $url;
     } else {
         if (!is_array($protocols)) {
             $protocols = wp_allowed_protocols();
         }
         $good_protocol_url = wp_kses_bad_protocol($url, $protocols);
         if (strtolower($good_protocol_url) != strtolower($url)) {
             return '';
         }
     }
     /**
      * Filter a string cleaned and escaped for output as a URL.
      *
      * @since 2.3.0
      *
      * @param string $good_protocol_url The cleaned URL to be returned.
      * @param string $original_url      The URL prior to cleaning.
      * @param string $_context          If 'display', replace ampersands and single quotes only.
      */
     return apply_filters('clean_url', $good_protocol_url, $original_url, $_context);
 }
開發者ID:kixortillan,項目名稱:dfosashworks,代碼行數:52,代碼來源:package.module.router.php

示例12: clean_url

function clean_url( $url, $protocols = null ) {
	if ('' == $url) return $url;
	$url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%]|i', '', $url);
	$strip = array('%0d', '%0a');
	$url = str_replace($strip, '', $url);
	$url = str_replace(';//', '://', $url);
	$url = (!strstr($url, '://')) ? 'http://'.$url : $url;
	$url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&#038;$1', $url);
	if ( !is_array($protocols) )
		$protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet'); 
	if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
		return '';
	return $url;
}
開發者ID:staylor,項目名稱:develop.svn.wordpress.org,代碼行數:14,代碼來源:formatting.php

示例13: freshy_theme_page

function freshy_theme_page()
{
    global $freshy_options;
    if ($_GET['page'] == basename(__FILE__)) {
        $array_themes_strings = array('lime', 'blue', 'red');
        if (isset($_POST['freshy_options_update'])) {
            $freshy_updated_options = array();
            $freshy_updated_options = $_POST;
            if (isset($freshy_updated_options['theme']) && $freshy_updated_options['changedtheme'] == 1) {
                freshy_set_theme($freshy_updated_options['theme'], $freshy_updated_options['advanced_options']);
            } else {
                $freshy_updated_options['header_bg_custom'] = wp_kses_bad_protocol($freshy_updated_options['header_bg_custom'], array('http', 'https'));
                update_option('freshy_options', $freshy_updated_options);
                $freshy_options = get_option('freshy_options');
                echo '<div class="updated"><p>' . __('XTEC options updated.', 'xtec-11') . '</p></div>';
            }
        }
        echo '
		<div class="wrap">
		<h2>' . __('XTEC Options', 'xtec-11') . '</h2>
		
		<form name="freshy_options_form" method="post">
		<input type="hidden" name="freshy_options_update" value="update" />
		<input type="hidden" name="changedtheme" id="changedtheme" value="0" />
					
					
		<fieldset class="options">
		<legend>' . __('Theme switcher', 'xtec-11') . '</legend>
		<table id="freshy_menu_options" width="100%" cellspacing="2" cellpadding="5" class="editform">
			<col style="width:50%;"/><col/>
			<tr>
				<td>
					<label>' . __('Enter the label of the Homepage menu link', 'xtec-11') . ' </label>
					<br/>
					<small>' . __('info : modifying these labels should break internationalisation', 'xtec-11') . '</small>
				</td>
				<td>
					<input name="first_menu_label" type="text" value="' . $freshy_options['first_menu_label'] . '"/>
				</td>
			</tr>';
        if (function_exists('yy_menu')) {
            echo '
				<tr>
					<td>
						<label>' . __('Enter the label of the Blog menu link', 'xtec-11') . ' </label>
						<br/>
						<small>' . __('info : this is specially for YammYamm', 'xtec-11') . '</small>
					</td>
					<td>
						<input name="blog_menu_label" type="text" value="' . $freshy_options['blog_menu_label'] . '"/>
					</td>
				</tr>';
        }
        echo '
			<tr>
				<td>	
					<label>' . __('Enter the label of the last menu link', 'xtec-11') . ' </label>
				</td>
				<td>
					<input name="last_menu_label" type="text" value="' . $freshy_options['last_menu_label'] . '"/>
				</td>
			</tr>
			<tr>
				<td>
					<label>' . __('Title color, ex: #006699', 'xtec-11') . ' </label>
				</td>
				<td>
					<input style="width:100px;" id="color_title_custom" name="color_title_custom" type="text" value="' . $freshy_options['color_title_custom'] . '"/>
				</td>
			</tr>
			<tr>
				<td>
					<label>' . __('Subtitle color, ex: #3af567', 'xtec-11') . ' </label>
				</td>
				<td>
					<input style="width:100px;" id="color_subtitle_custom" name="color_subtitle_custom" type="text" value="' . $freshy_options['color_subtitle_custom'] . '"/>
				</td>
			</tr>
			<tr>
				<td>
					<label>' . __('Absolute url of your own css style', 'xtec-11') . ' </label><br />
					<small><a href="' . get_bloginfo('stylesheet_directory') . '/style-default.css" title="' . __('Click', 'xtec-11') . '">' . __('Download css default', 'xtec-11') . '</a></small>
				</td>
				<td>
					<input style="width:370px;" id="css_style_custom" name="css_style_custom" type="text" value="' . $freshy_options['css_style_custom'] . '"/>
				</td>
			</tr>
			<tr>
				<td>
					<label>' . __('Absolute url of your own image', 'xtec-11') . ' </label>
				</td>
				<td>
					<div style="border:1px solid silver;float:left;margin:2px;width:400px;height:50px;display:block;background:url(';
        echo $freshy_options['header_bg_custom'] . ') transparent 0 0;">
					<input style="margin:10px;width:370px;" id="header_bg_custom" name="header_bg_custom" type="text" value="' . $freshy_options['header_bg_custom'] . '"/>
					</div>
				</td>
			</tr>
			';
        if ($freshy_options['header_bg_custom'] != "") {
//.........這裏部分代碼省略.........
開發者ID:ignacioabejaro,項目名稱:xtecblocs,代碼行數:101,代碼來源:functions.php

示例14: wp_http_validate_url

/**
 * Validate a URL for safe use in the HTTP API.
 *
 * @since 3.5.2
 *
 * @return mixed URL or false on failure.
 */
function wp_http_validate_url($url)
{
    $url = wp_kses_bad_protocol($url, array('http', 'https'));
    if (!$url) {
        return false;
    }
    $parsed_url = @parse_url($url);
    if (!$parsed_url || empty($parsed_url['host'])) {
        return false;
    }
    if (isset($parsed_url['user']) || isset($parsed_url['pass'])) {
        return false;
    }
    if (false !== strpos($parsed_url['host'], ':')) {
        return false;
    }
    $parsed_home = @parse_url(get_option('home'));
    $same_host = strtolower($parsed_home['host']) === strtolower($parsed_url['host']);
    if (!$same_host) {
        $host = trim($parsed_url['host'], '.');
        if (preg_match('#^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$#', $host)) {
            $ip = $host;
        } else {
            $ip = gethostbyname($host);
            if ($ip === $host) {
                // Error condition for gethostbyname()
                $ip = false;
            }
        }
        if ($ip) {
            $parts = array_map('intval', explode('.', $ip));
            if ('127.0.0.1' === $ip || 10 === $parts[0] || 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] || 192 === $parts[0] && 168 === $parts[1]) {
                // If host appears local, reject unless specifically allowed.
                if (!apply_filters('http_request_host_is_external', false, $host, $url)) {
                    return false;
                }
            }
        }
    }
    if (empty($parsed_url['port'])) {
        return $url;
    }
    $port = $parsed_url['port'];
    if (80 === $port || 443 === $port || 8080 === $port) {
        return $url;
    }
    if ($parsed_home && $same_host && $parsed_home['port'] === $port) {
        return $url;
    }
    return false;
}
開發者ID:pankajsinghjarial,項目名稱:SYLC-AMERICAN,代碼行數:58,代碼來源:http.php

示例15: esc_url

/**
 * Checks and cleans a URL.
 *
 * A number of characters are removed from the URL. If the URL is for displaying
 * (the default behaviour) ampersands are also replaced. The 'clean_url' filter
 * is applied to the returned cleaned URL.
 *
 * @since 2.8.0
 *
 * @param string $url       The URL to be cleaned.
 * @param array  $protocols Optional. An array of acceptable protocols.
 *		                    Defaults to return value of wp_allowed_protocols()
 * @param string $_context  Private. Use esc_url_raw() for database usage.
 * @return string The cleaned $url after the 'clean_url' filter is applied.
 */
function esc_url($url, $protocols = null, $_context = 'display')
{
    $original_url = $url;
    if ('' == $url) {
        return $url;
    }
    $url = str_replace(' ', '%20', $url);
    $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\\|*\'()\\[\\]\\x80-\\xff]|i', '', $url);
    if ('' === $url) {
        return $url;
    }
    if (0 !== stripos($url, 'mailto:')) {
        $strip = array('%0d', '%0a', '%0D', '%0A');
        $url = _deep_replace($strip, $url);
    }
    $url = str_replace(';//', '://', $url);
    /* If the URL doesn't appear to contain a scheme, we
     * presume it needs http:// prepended (unless a relative
     * link starting with /, # or ? or a php file).
     */
    if (strpos($url, ':') === false && !in_array($url[0], array('/', '#', '?')) && !preg_match('/^[a-z0-9-]+?\\.php/i', $url)) {
        $url = 'http://' . $url;
    }
    // Replace ampersands and single quotes only when displaying.
    if ('display' == $_context) {
        $url = wp_kses_normalize_entities($url);
        $url = str_replace('&amp;', '&#038;', $url);
        $url = str_replace("'", '&#039;', $url);
    }
    if (false !== strpos($url, '[') || false !== strpos($url, ']')) {
        $parsed = wp_parse_url($url);
        $front = '';
        if (isset($parsed['scheme'])) {
            $front .= $parsed['scheme'] . '://';
        } elseif ('/' === $url[0]) {
            $front .= '//';
        }
        if (isset($parsed['user'])) {
            $front .= $parsed['user'];
        }
        if (isset($parsed['pass'])) {
            $front .= ':' . $parsed['pass'];
        }
        if (isset($parsed['user']) || isset($parsed['pass'])) {
            $front .= '@';
        }
        if (isset($parsed['host'])) {
            $front .= $parsed['host'];
        }
        if (isset($parsed['port'])) {
            $front .= ':' . $parsed['port'];
        }
        $end_dirty = str_replace($front, '', $url);
        $end_clean = str_replace(array('[', ']'), array('%5B', '%5D'), $end_dirty);
        $url = str_replace($end_dirty, $end_clean, $url);
    }
    if ('/' === $url[0]) {
        $good_protocol_url = $url;
    } else {
        if (!is_array($protocols)) {
            $protocols = wp_allowed_protocols();
        }
        $good_protocol_url = wp_kses_bad_protocol($url, $protocols);
        if (strtolower($good_protocol_url) != strtolower($url)) {
            return '';
        }
    }
    /**
     * Filter a string cleaned and escaped for output as a URL.
     *
     * @since 2.3.0
     *
     * @param string $good_protocol_url The cleaned URL to be returned.
     * @param string $original_url      The URL prior to cleaning.
     * @param string $_context          If 'display', replace ampersands and single quotes only.
     */
    return apply_filters('clean_url', $good_protocol_url, $original_url, $_context);
}
開發者ID:zhoujiangyou,項目名稱:WordPress,代碼行數:93,代碼來源:formatting.php


注:本文中的wp_kses_bad_protocol函數示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。