本文整理匯總了PHP中wp_kses_normalize_entities函數的典型用法代碼示例。如果您正苦於以下問題:PHP wp_kses_normalize_entities函數的具體用法?PHP wp_kses_normalize_entities怎麽用?PHP wp_kses_normalize_entities使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。
在下文中一共展示了wp_kses_normalize_entities函數的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的PHP代碼示例。
示例1: ksesXML
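/**
 * Sanitises a fragment of XML code.
 *
 * The input is pre-cleaned with the WordPress kses helpers, then every
 * tag-like token is handed to self::kses_split() (defined elsewhere in this
 * class) for filtering.
 *
 * @since 1.4
 *
 * @param string $xml Untrusted XML fragment.
 * @return string|null Filtered fragment; preg_replace_callback() yields null
 *                     if the PCRE engine reports an error.
 */
public static function ksesXML($xml)
{
    // Pre-cleaning must run before tokenising so that the splitter never
    // sees NUL bytes, legacy "&{...};" script entities or malformed entities.
    $xml = wp_kses_no_null($xml);
    $xml = wp_kses_js_entities($xml);
    $xml = wp_kses_normalize_entities($xml);

    // Matches a complete tag, an unterminated "<..." running to the end of
    // the input, or a stray ">".
    // The callback is named via __CLASS__ because array('self', ...) callables
    // are deprecated as of PHP 8.2; resolution is otherwise the same.
    return preg_replace_callback('%(<[^>]*(>|$)|>)%', array(__CLASS__, 'kses_split'), $xml);
}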
示例2: wp_kses
/**
 * Filters content so that only allowed HTML elements, attributes and
 * protocols remain.
 *
 * In this variant wp_kses_hook() receives only the string, and the allowed
 * element list is lower-cased after the hook has run.
 *
 * @param string $string            Content to filter (expected unslashed).
 * @param array  $allowed_html      Allowed HTML elements and attributes.
 * @param array  $allowed_protocols Optional. URL schemes permitted in attributes.
 * @return string Filtered content.
 */
function wp_kses($string, $allowed_html, $allowed_protocols = array('http', 'https', 'ftp', 'news', 'nntp', 'telnet', 'feed', 'gopher', 'mailto'))
{
    // Pre-clean: strip NUL bytes, drop legacy script entities, normalise
    // entities. The order is significant and matches the original.
    $cleaned = wp_kses_normalize_entities(
        wp_kses_js_entities(
            wp_kses_no_null($string)
        )
    );

    $hooked = wp_kses_hook($cleaned);

    // Lower-case the allow-list before the tag splitter consults it.
    $allowed_lc = wp_kses_array_lc($allowed_html);

    return wp_kses_split($hooked, $allowed_lc, $allowed_protocols);
}
示例3: wp_kses
/**
 * Filters content and keeps only allowable HTML elements.
 *
 * Only the allowed HTML element names, attribute names and attribute values,
 * plus well-formed HTML entities, survive in the returned string. Callers
 * must strip magic-quote slashes before calling.
 *
 * The default protocol list is the one in the signature: 'http', 'https',
 * 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed' and
 * 'telnet'. 'javascript' is deliberately absent and should not be allowed
 * for untrusted users.
 *
 * @since 1.0.0
 *
 * @param string $string            Content to filter through kses.
 * @param array  $allowed_html      List of allowed HTML elements.
 * @param array  $allowed_protocols Optional. Allowed protocols in links.
 * @return string Filtered content with only allowed HTML elements.
 */
function wp_kses($string, $allowed_html, $allowed_protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet'))
{
    // Pre-clean the input before any hook or tag parsing sees it.
    $cleaned = wp_kses_normalize_entities(
        wp_kses_js_entities(
            wp_kses_no_null($string)
        )
    );

    // This copy lower-cases the allow-list first and passes it, together
    // with the protocols, to the hook (the order and hook arguments differ
    // from older WordPress releases).
    $allowed_html_fixed = wp_kses_array_lc($allowed_html);
    $hooked = wp_kses_hook($cleaned, $allowed_html_fixed, $allowed_protocols);

    return wp_kses_split($hooked, $allowed_html_fixed, $allowed_protocols);
}
示例4: wp_kses
/**
 * Filters content and keeps only allowable HTML elements.
 *
 * Only the allowed HTML element names, attribute names and attribute values,
 * plus well-formed HTML entities, survive in the returned string. Callers
 * must strip magic-quote slashes before calling.
 *
 * When no protocol list is supplied, the global $allowedprotocols is used.
 * 'javascript' should never be part of that list for untrusted users.
 *
 * This variant does not call wp_kses_hook() and passes $allowed_html to the
 * splitter without lower-casing it.
 *
 * @since 1.0.0
 *
 * @param string $string            Content to filter through kses.
 * @param array  $allowed_html      List of allowed HTML elements.
 * @param array  $allowed_protocols Optional. Allowed protocols in links.
 * @return string Filtered content with only allowed HTML elements.
 */
function wp_kses($string, $allowed_html, $allowed_protocols = array())
{
    global $allowedprotocols;

    // An empty list means "use the site-wide default", not "allow nothing".
    $protocols = empty($allowed_protocols) ? $allowedprotocols : $allowed_protocols;

    $cleaned = wp_kses_normalize_entities(
        wp_kses_js_entities(
            wp_kses_no_null($string)
        )
    );

    return wp_kses_split($cleaned, $allowed_html, $protocols);
}
示例5: wp_kses
/**
 * Makes sure that only the allowed HTML element names, attribute names and
 * attribute values, plus well-formed HTML entities, occur in $string.
 *
 * Callers must strip magic-quote slashes before calling.
 *
 * @param string $string            Content to filter.
 * @param array  $allowed_html      Allowed HTML elements and attributes.
 * @param array  $allowed_protocols Optional. URL schemes permitted in attributes.
 * @return string Filtered content.
 */
function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'https', 'ftp', 'news', 'nntp', 'telnet', 'feed', 'gopher', 'mailto'))
{
    // Pre-clean, then give the hook a chance to adjust the string.
    $cleaned = wp_kses_normalize_entities(
        wp_kses_js_entities(
            wp_kses_no_null($string)
        )
    );
    $hooked = wp_kses_hook($cleaned);

    // The allow-list is lower-cased only after the hook has run.
    $allowed_lc = wp_kses_array_lc($allowed_html);

    return wp_kses_split($hooked, $allowed_lc, $allowed_protocols);
}
示例6: nextgen_esc_url
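/**
 * Checks and cleans a URL; a variant of WordPress' esc_url() that also keeps
 * spaces through the character filter and percent-encodes them for display.
 *
 * @param string     $url       The URL to be cleaned.
 * @param array|null $protocols Optional. Acceptable protocols; defaults to
 *                              wp_allowed_protocols() when not an array.
 * @param string     $_context  'display' applies the HTML/percent encoding
 *                              steps; any other value skips them.
 * @return string The cleaned URL after the 'clean_url' filter, or '' when the
 *                URL is empty after stripping or uses a disallowed protocol.
 */
function nextgen_esc_url($url, $protocols = null, $_context = 'display')
{
    $original_url = $url;
    if ('' == $url) {
        return $url;
    }

    // Drop every character outside the allow-list, then remove encoded
    // CR/LF sequences (header-injection vectors) until none remain.
    $url = preg_replace('|[^a-z0-9 \\-~+_.?#=!&;,/:%@$\\|*\'()\\x80-\\xff]|i', '', $url);
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $url = _deep_replace($strip, $url);
    $url = str_replace(';//', '://', $url);

    // Stripping can leave nothing behind. Return early instead of indexing
    // $url[0] on an empty string and turning garbage into a bare "http://".
    if (!is_string($url) || '' === $url) {
        return '';
    }

    /* If the URL doesn't appear to contain a scheme, we
     * presume it needs http:// prepended (unless a relative
     * link starting with /, # or ? or a php file).
     */
    if (strpos($url, ':') === false && !in_array($url[0], array('/', '#', '?')) && !preg_match('/^[a-z0-9-]+?\\.php/i', $url)) {
        $url = 'http://' . $url;
    }

    // Replace ampersands and single quotes only when displaying.
    if ('display' == $_context) {
        $url = wp_kses_normalize_entities($url);
        // The listing showed these two literals with their HTML entities
        // decoded (a no-op '&' => '&' and an unterminated quote); they are
        // restored to the forms used by WordPress core's esc_url().
        $url = str_replace('&amp;', '&#038;', $url);
        $url = str_replace("'", '&#039;', $url);
        // NOTE(review): encoding every '%' also re-encodes existing
        // percent-escapes and the '&#038;' entities' neighbours are untouched;
        // confirm callers expect the double encoding.
        $url = str_replace('%', '%25', $url);
        $url = str_replace(' ', '%20', $url);
    }

    if ('/' === $url[0]) {
        // Site-relative path: no scheme to validate.
        $good_protocol_url = $url;
    } else {
        if (!is_array($protocols)) {
            $protocols = wp_allowed_protocols();
        }
        $good_protocol_url = wp_kses_bad_protocol($url, $protocols);
        // If the protocol filter had to change anything, reject the URL
        // outright rather than emit a partially cleaned value.
        if (strtolower($good_protocol_url) != strtolower($url)) {
            return '';
        }
    }

    return apply_filters('clean_url', $good_protocol_url, $original_url, $_context);
}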
示例7: processShortcodePreformattedText
/**
 * Renders the preformatted-text shortcode as a collapsible <pre> block.
 *
 * @param array  $attribute Raw shortcode attributes.
 * @param string $content   Enclosed shortcode content.
 * @param string $tag       Shortcode tag name.
 * @return string|null Markup, or null when the content is empty or the
 *                     'open_default' attribute is not a boolean value.
 */
function processShortcodePreformattedText($attribute, $content, $tag)
{
    $attribute = $this->processAttribute($tag, $attribute);

    $Validation = new PBValidation();
    if ($Validation->isEmpty($content) || !$Validation->isBool($attribute['open_default'])) {
        return null;
    }

    $class = array('pb-preformatted-text');
    if ($attribute['open_default'] == 1) {
        $class[] = 'pb-preformatted-text-visible';
    }
    // NOTE(review): 'css_class' is forwarded as-is; whether
    // PBHelper::createClassAttribute() escapes it is not visible here.
    $class[] = $attribute['css_class'];

    $id = PBHelper::createId('pb_preformatted_text');

    // The content is HTML-escaped before anything else touches it.
    // NOTE(review): as shown, the bracket replacement maps '[' and ']' to
    // themselves; the listing may have lost HTML entities in the replacement
    // strings during extraction - confirm against the plugin source.
    $escaped = htmlspecialchars($content);
    $escaped = preg_replace(array('/\\[/', '/\\]/'), array('[', ']'), $escaped);
    $content = nl2br(trim($escaped));

    $class_attribute = PBHelper::createClassAttribute($class);
    $label_open = esc_html($attribute['label_open']);
    $label_close = esc_html($attribute['label_close']);
    $pre_body = wp_kses_normalize_entities($content);

    $html = '
<div id="' . $id . '"' . $class_attribute . '>
<a href="#">
<span class="pb-preformatted-text-label-open">' . $label_open . '</span>
<span class="pb-preformatted-text-label-close">' . $label_close . '</span>
</a>
<pre>' . $pre_body . '</pre>
</div>
<div class="pb-script-tag">
<script type="text/javascript">
jQuery(document).ready(function($)
{
$("#' . $id . '").PBPreformattedText();
});
</script>
</div>
';

    return PBHelper::formatHTML($html);
}
示例8: geodir_ajax_import_export
//.........這裏部分代碼省略.........
$valid = true;
if ($post_title == '' || !in_array($post_type, $post_types)) {
$invalid++;
$valid = false;
}
$location_allowed = function_exists('geodir_cpt_no_location') && geodir_cpt_no_location($post_type) ? false : true;
if ($location_allowed) {
$location_result = geodir_get_default_location();
if ($post_address == '' || $post_city == '' || $post_region == '' || $post_country == '' || $post_latitude == '' || $post_longitude == '') {
$invalid_addr++;
$valid = false;
} else {
if (!empty($location_result) && $location_result->location_id == 0) {
if (strtolower($post_city) != strtolower($location_result->city) || strtolower($post_region) != strtolower($location_result->region) || strtolower($post_country) != strtolower($location_result->country)) {
$invalid_addr++;
$valid = false;
} else {
if (!function_exists('geodir_location_plugin_activated')) {
$gd_post['post_locations'] = '[' . $location_result->city_slug . '],[' . $location_result->region_slug . '],[' . $location_result->country_slug . ']';
// Set the default location when location manager not activated.
}
}
}
}
}
if (!$valid) {
continue;
}
$cat_taxonomy = $post_type . 'category';
$tags_taxonomy = $post_type . '_tags';
$post_category = array();
if (!empty($post_category_arr)) {
foreach ($post_category_arr as $value) {
$category_name = wp_kses_normalize_entities(trim($value));
if ($category_name != '') {
$term_category = array();
if ($term = get_term_by('name', $category_name, $cat_taxonomy)) {
$term_category = $term;
} else {
if ($term = get_term_by('slug', $category_name, $cat_taxonomy)) {
$term_category = $term;
} else {
$term_data = array();
$term_data['name'] = $category_name;
$term_data = array_map('utf8_encode', $term_data);
$term_data['taxonomy'] = $cat_taxonomy;
$term_id = geodir_imex_insert_term($cat_taxonomy, $term_data);
if ($term_id) {
$term_category = get_term($term_id, $cat_taxonomy);
}
}
}
if (!empty($term_category) && !is_wp_error($term_category)) {
//$post_category[] = $term_category->slug;
$post_category[] = intval($term_category->term_id);
}
}
}
}
$save_post = array();
$save_post['post_title'] = $post_title;
$save_post['post_content'] = $post_content;
$save_post['post_type'] = $post_type;
$save_post['post_author'] = $post_author;
$save_post['post_status'] = $post_status;
$save_post['post_category'] = $post_category;
示例9: appthemes_add_login_post_context
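/**
 * Adds a 'login_post' context that switches the URL scheme and escapes the
 * URL for display on the site.
 *
 * The three parameters mirror the arguments of WordPress' 'clean_url' filter;
 * presumably this function is registered on that filter (the registration is
 * not shown here).
 *
 * @param string $url          URL after cleaning.
 * @param string $original_url URL before cleaning (unused).
 * @param string $context      Escaping context.
 *
 * @return string The URL, HTML-escaped when $context is 'login_post'.
 */
function appthemes_add_login_post_context($url, $original_url, $context)
{
    if ($context == 'login_post') {
        $url = set_url_scheme($url, $context);
        $url = wp_kses_normalize_entities($url);
        // The listing showed these two literals with their HTML entities
        // decoded (a no-op '&' => '&' and an unterminated quote); they are
        // restored to the forms used by the display branch of WordPress
        // core's esc_url(), which this block mirrors.
        $url = str_replace('&amp;', '&#038;', $url);
        $url = str_replace("'", '&#039;', $url);
    }

    return $url;
}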
示例10: html_out
/**
 * Returns $value with its HTML entities normalised.
 *
 * NOTE(review): wp_kses_normalize_entities() only repairs ampersands and
 * entities; it does not escape '<', '>' or quotes. If this is used as an
 * output escaper for untrusted values, esc_html() or wp_kses() is the
 * appropriate call - confirm how callers use the result.
 *
 * @param mixed $value Value to normalise; any falsy value yields null.
 * @return string|null
 */
public function html_out($value = 0)
{
    if (!$value) {
        return null;
    }

    return wp_kses_normalize_entities($value);
}
示例11: esc_url
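/**
 * Checks and cleans a URL.
 *
 * Characters outside an allow-list are removed. When the URL is meant for
 * display (the default), ampersands and single quotes are additionally
 * converted to numeric HTML entities. The 'clean_url' filter is applied to
 * the cleaned URL before it is returned.
 *
 * @since 2.8.0
 * @uses wp_kses_bad_protocol() To only permit protocols in the URL set
 *		via $protocols or the list returned by wp_allowed_protocols().
 *
 * @param string $url The URL to be cleaned.
 * @param array $protocols Optional. An array of acceptable protocols.
 *		Defaults to wp_allowed_protocols() if not an array.
 * @param string $_context Private. Use esc_url_raw() for database usage.
 * @return string The cleaned $url after the 'clean_url' filter is applied, or
 *		'' when nothing is left after stripping or the protocol is rejected.
 */
function esc_url( $url, $protocols = null, $_context = 'display' ) {
	$original_url = $url;

	if ( '' == $url )
		return $url;

	// Drop every character outside the allow-list, then remove encoded
	// CR/LF sequences (header-injection vectors) until none remain.
	$url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
	$strip = array('%0d', '%0a', '%0D', '%0A');
	$url = _deep_replace($strip, $url);
	$url = str_replace(';//', '://', $url);

	// Stripping can leave nothing behind. Return early instead of indexing
	// $url[0] on an empty string and turning garbage into a bare "http://".
	if ( ! is_string( $url ) || '' === $url )
		return '';

	/* If the URL doesn't appear to contain a scheme, we
	 * presume it needs http:// prepended (unless a relative
	 * link starting with /, # or ? or a php file).
	 */
	if ( strpos($url, ':') === false && ! in_array( $url[0], array( '/', '#', '?' ) ) &&
		! preg_match('/^[a-z0-9-]+?\.php/i', $url) )
		$url = 'http://' . $url;

	// Replace ampersands and single quotes only when displaying.
	if ( 'display' == $_context ) {
		$url = wp_kses_normalize_entities( $url );
		// The listing showed these two literals with their HTML entities
		// decoded (a no-op '&' => '&' and an unterminated quote); they are
		// restored to the forms WordPress core uses.
		$url = str_replace( '&amp;', '&#038;', $url );
		$url = str_replace( "'", '&#039;', $url );
	}

	if ( '/' === $url[0] ) {
		// Site-relative path: no scheme to validate.
		$good_protocol_url = $url;
	} else {
		if ( ! is_array( $protocols ) )
			$protocols = wp_allowed_protocols();
		$good_protocol_url = wp_kses_bad_protocol( $url, $protocols );
		// If the protocol filter had to change anything, reject the URL
		// outright rather than emit a partially cleaned value.
		if ( strtolower( $good_protocol_url ) != strtolower( $url ) )
			return '';
	}

	/**
	 * Filter a string cleaned and escaped for output as a URL.
	 *
	 * @since 2.3.0
	 *
	 * @param string $good_protocol_url The cleaned URL to be returned.
	 * @param string $original_url      The URL prior to cleaning.
	 * @param string $_context          If 'display', replace ampersands and single quotes only.
	 */
	return apply_filters( 'clean_url', $good_protocol_url, $original_url, $_context );
}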
示例12: bp_xprofile_bp_user_query_search
/**
 * When search_terms are passed to BP_User_Query, also search against
 * xprofile field values.
 *
 * The existing search clause is OR-combined with a sub-select on the
 * xprofile data table.
 *
 * @since BuddyPress (2.0.0)
 *
 * @param array         $sql   Clauses in the user_id SQL query.
 * @param BP_User_Query $query User query object.
 * @return array The clauses, with $sql['where']['search'] replaced when a
 *               search is active; otherwise unchanged.
 */
function bp_xprofile_bp_user_query_search($sql, BP_User_Query $query)
{
    global $wpdb;

    // Nothing to extend unless both a search term and a core search clause exist.
    if (empty($query->query_vars['search_terms']) || empty($sql['where']['search'])) {
        return $sql;
    }

    $bp = buddypress();

    // bp_esc_like() neutralises LIKE wildcards in the term; quoting is left
    // to $wpdb->prepare() below. The entity normalisation is HTML-level only
    // (presumably to match how values are stored - confirm).
    $term = bp_esc_like(wp_kses_normalize_entities($query->query_vars['search_terms']));

    $wildcard = $query->query_vars['search_wildcard'];
    if ('left' === $wildcard) {
        $like_nospace = '%' . $term;
        $like_space = '%' . $term . ' %';
    } elseif ('right' === $wildcard) {
        $like_nospace = $term . '%';
        $like_space = '% ' . $term . '%';
    } else {
        // Both patterns are identical when matching on either side.
        $like_nospace = '%' . $term . '%';
        $like_space = '%' . $term . '%';
    }

    // Only the two LIKE patterns are bound as placeholders. The column and
    // table names are interpolated directly, so they must never be derived
    // from request input.
    $search_xprofile = $wpdb->prepare("u.{$query->uid_name} IN ( SELECT user_id FROM {$bp->profile->table_name_data} WHERE value LIKE %s OR value LIKE %s )", $like_nospace, $like_space);

    // Combine the core search (against wp_users) and the xprofile_data
    // search into a single OR clause.
    $search_core = $sql['where']['search'];
    $sql['where']['search'] = "( {$search_xprofile} OR {$search_core} )";

    return $sql;
}
示例13: test_wp_kses_bad_protocol
// Regression test for wp_kses_bad_protocol(): every entry in $bad must be
// neutralised, and every entry in $safe must pass through unchanged.
//
// NOTE(review): this listing appears to have had HTML entities decoded during
// extraction. Several $bad entries that are now byte-identical were
// presumably distinct entity-encoded variants, two string literals below are
// not valid PHP as shown (unescaped single quotes inside single-quoted
// strings), and one str_replace() is a no-op. Take the vectors from the
// upstream test file rather than from this page.
function test_wp_kses_bad_protocol() {
$bad = array(
'dummy:alert(1)',
'javascript:alert(1)',
'JaVaScRiPt:alert(1)',
'javascript:alert(1);',
'javascript:alert(1);',
'javascript:alert(1);',
'javascript:alert(1);',
'javascript:alert(1);',
'javascript:alert(1);',
'javascript:alert(1);',
'javascript:alert(1);',
'javascript:alert(1);',
'javascript:alert('XSS')',
'jav ascript:alert(1);',
'jav	ascript:alert(1);',
'jav
ascript:alert(1);',
'jav
ascript:alert(1);',
'  javascript:alert(1);',
'javascript:javascript:alert(1);',
'javascript:javascript:alert(1);',
'javascript:javascript:alert(1);',
'javascript:javascript:alert(1);',
'javascript:javascript:alert(1);',
'javascript:alert(1)//?:',
'feed:javascript:alert(1)',
'feed:javascript:feed:javascript:feed:javascript:alert(1)',
);
foreach ( $bad as $k => $x ) {
// Each vector is entity-normalised first, then checked against the
// site's allowed protocols.
$result = wp_kses_bad_protocol( wp_kses_normalize_entities( $x ), wp_allowed_protocols() );
// An empty result, or the bare call with the scheme stripped, counts as
// neutralised. Anything else must match a per-index expectation.
if ( ! empty( $result ) && $result != 'alert(1);' && $result != 'alert(1)' ) {
switch ( $k ) {
case 6: $this->assertEquals( 'javascript&#0000058alert(1);', $result ); break;
case 12:
// NOTE(review): replacing '&' with '&' changes nothing; the replacement
// string was probably an entity before extraction - confirm upstream.
$this->assertEquals( str_replace( '&', '&', $x ), $result );
break;
case 22: $this->assertEquals( 'javascript&#0000058alert(1);', $result ); break;
case 23: $this->assertEquals( 'javascript&#0000058alert(1)//?:', $result ); break;
case 24: $this->assertEquals( 'feed:alert(1)', $result ); break;
default: $this->fail( "wp_kses_bad_protocol failed on $x. Result: $result" );
}
}
}
// 'dummy' is disallowed above (default protocol list) but explicitly
// allowed for the $safe pass below.
$safe = array(
'dummy:alert(1)',
'HTTP://example.org/',
'http://example.org/',
'http://example.org/',
'http://example.org/',
'https://example.org',
'http://example.org/wp-admin/post.php?post=2&action=edit',
'http://example.org/index.php?test='blah'',
);
foreach ( $safe as $x ) {
$result = wp_kses_bad_protocol( wp_kses_normalize_entities( $x ), array( 'http', 'https', 'dummy' ) );
// A safe URL must come back unchanged, or as the canonical example.org URL.
if ( $result != $x && $result != 'http://example.org/' )
$this->fail( "wp_kses_bad_protocol incorrectly blocked $x" );
}
}
示例14: wp_kses
/**
 * Filters content and keeps only allowable HTML elements.
 *
 * Only the allowed HTML element names, attribute names and attribute values,
 * plus well-formed HTML entities, survive in the returned string. Callers
 * must strip magic-quote slashes before calling.
 *
 * When no protocol list is supplied, wp_allowed_protocols() provides the
 * default. 'javascript' should never be allowed for untrusted users.
 *
 * @since 1.0.0
 *
 * @param string $string            Content to filter through kses.
 * @param array  $allowed_html      List of allowed HTML elements.
 * @param array  $allowed_protocols Optional. Allowed protocols in links.
 * @return string Filtered content with only allowed HTML elements.
 */
function wp_kses($string, $allowed_html, $allowed_protocols = array())
{
    // An empty list means "use the site-wide default", not "allow nothing".
    $protocols = empty($allowed_protocols) ? wp_allowed_protocols() : $allowed_protocols;

    // Pre-clean the input. The 'slash_zero' => 'keep' option is passed to
    // the NUL-byte stripper exactly as in the original.
    $cleaned = wp_kses_no_null($string, array('slash_zero' => 'keep'));
    $cleaned = wp_kses_js_entities($cleaned);
    $cleaned = wp_kses_normalize_entities($cleaned);

    // This copy passes the allow-list and protocols to the hook and does
    // not lower-case $allowed_html beforehand.
    $hooked = wp_kses_hook($cleaned, $allowed_html, $protocols);

    return wp_kses_split($hooked, $allowed_html, $protocols);
}
示例15: prepare_user_ids_query
//.........這裏部分代碼省略.........
// blank.
break;
}
/* WHERE *************************************************************/
// 'include' - User ids to include in the results.
$include = false !== $include ? wp_parse_id_list($include) : array();
$include_ids = $this->get_include_ids($include);
if (!empty($include_ids)) {
$include_ids = implode(',', wp_parse_id_list($include_ids));
$sql['where'][] = "u.{$this->uid_name} IN ({$include_ids})";
}
// 'exclude' - User ids to exclude from the results.
if (false !== $exclude) {
$exclude_ids = implode(',', wp_parse_id_list($exclude));
$sql['where'][] = "u.{$this->uid_name} NOT IN ({$exclude_ids})";
}
// 'user_id' - When a user id is passed, limit to the friends of the user
// @todo remove need for bp_is_active() check.
if (!empty($user_id) && bp_is_active('friends')) {
$friend_ids = friends_get_friend_user_ids($user_id);
$friend_ids = implode(',', wp_parse_id_list($friend_ids));
if (!empty($friend_ids)) {
$sql['where'][] = "u.{$this->uid_name} IN ({$friend_ids})";
// If the user has no friends, the query should always
// return no users.
} else {
$sql['where'][] = $this->no_results['where'];
}
}
/* Search Terms ******************************************************/
// 'search_terms' searches user_login and user_nicename
// xprofile field matches happen in bp_xprofile_bp_user_query_search().
if (false !== $search_terms) {
$search_terms = bp_esc_like(wp_kses_normalize_entities($search_terms));
if ($search_wildcard === 'left') {
$search_terms_nospace = '%' . $search_terms;
$search_terms_space = '%' . $search_terms . ' %';
} elseif ($search_wildcard === 'right') {
$search_terms_nospace = $search_terms . '%';
$search_terms_space = '% ' . $search_terms . '%';
} else {
$search_terms_nospace = '%' . $search_terms . '%';
$search_terms_space = '%' . $search_terms . '%';
}
$sql['where']['search'] = $wpdb->prepare("u.{$this->uid_name} IN ( SELECT ID FROM {$wpdb->users} WHERE ( user_login LIKE %s OR user_login LIKE %s OR user_nicename LIKE %s OR user_nicename LIKE %s ) )", $search_terms_nospace, $search_terms_space, $search_terms_nospace, $search_terms_space);
}
// Only use $member_type__in if $member_type is not set.
if (empty($member_type) && !empty($member_type__in)) {
$member_type = $member_type__in;
}
// Member types to exclude. Note that this takes precedence over inclusions.
if (!empty($member_type__not_in)) {
$member_type_clause = $this->get_sql_clause_for_member_types($member_type__not_in, 'NOT IN');
// Member types to include.
} elseif (!empty($member_type)) {
$member_type_clause = $this->get_sql_clause_for_member_types($member_type, 'IN');
}
if (!empty($member_type_clause)) {
$sql['where']['member_type'] = $member_type_clause;
}
// 'meta_key', 'meta_value' allow usermeta search
// To avoid global joins, do a separate query.
if (false !== $meta_key) {
$meta_sql = $wpdb->prepare("SELECT user_id FROM {$wpdb->usermeta} WHERE meta_key = %s", $meta_key);
if (false !== $meta_value) {
$meta_sql .= $wpdb->prepare(" AND meta_value = %s", $meta_value);