201 | | function wp_specialchars( $text, $quotes = 0 ) { |
202 | | // Like htmlspecialchars except don't double-encode HTML entities |
203 | | $text = str_replace('&&', '&&', $text); |
204 | | $text = str_replace('&&', '&&', $text); |
205 | | $text = preg_replace('/&(?:$|([^#])(?![a-z1-4]{1,8};))/', '&$1', $text); |
206 | | $text = str_replace('<', '<', $text); |
207 | | $text = str_replace('>', '>', $text); |
208 | | if ( 'double' === $quotes ) { |
209 | | $text = str_replace('"', '"', $text); |
210 | | } elseif ( 'single' === $quotes ) { |
211 | | $text = str_replace("'", ''', $text); |
212 | | } elseif ( $quotes ) { |
213 | | $text = str_replace('"', '"', $text); |
214 | | $text = str_replace("'", ''', $text); |
| 202 | function wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) |
| 203 | { |
| 204 | $string = (string) $string; |
| 205 | |
| 206 | if ( 0 === strlen( $string ) ) { |
| 207 | return ''; |
216 | | return $text; |
| 209 | |
| 210 | if ( !$charset ) { |
| 211 | $charset = get_option( 'blog_charset' ); |
| 212 | } |
| 213 | if ( in_array( $charset, array( 'utf8', 'utf-8', 'UTF8' ) ) ) { |
| 214 | $charset = 'UTF-8'; |
| 215 | } |
| 216 | |
| 217 | switch ( $quote_style ) { |
| 218 | case ENT_QUOTES: |
| 219 | default: |
| 220 | $quote_style = ENT_QUOTES; |
| 221 | $_quote_style = ENT_QUOTES; |
| 222 | break; |
| 223 | case ENT_COMPAT: |
| 224 | case 'double': |
| 225 | $quote_style = ENT_COMPAT; |
| 226 | $_quote_style = ENT_COMPAT; |
| 227 | break; |
| 228 | case 'single': |
| 229 | $quote_style = ENT_NOQUOTES; |
| 230 | $_quote_style = 'single'; |
| 231 | break; |
| 232 | case ENT_NOQUOTES: |
| 233 | case false: |
| 234 | case 0: |
| 235 | case '': |
| 236 | case null: |
| 237 | $quote_style = ENT_NOQUOTES; |
| 238 | $_quote_style = ENT_NOQUOTES; |
| 239 | break; |
| 240 | } |
| 241 | |
| 242 | // Handle double encoding ourselves |
| 243 | if ( !$double_encode ) { |
| 244 | $string = wp_specialchars_decode( $string, $_quote_style ); |
| 245 | $string = preg_replace( '/&(#?x?[0-9]+|[a-z]+);/i', '|wp_entity|$1|/wp_entity|', $string ); |
| 246 | } |
| 247 | |
| 248 | $string = htmlspecialchars( $string, $quote_style, $charset ); |
| 249 | |
| 250 | // Handle double encoding ourselves |
| 251 | if ( !$double_encode ) { |
| 252 | $string = str_replace( array( '|wp_entity|', '|/wp_entity|' ), array( '&', ';' ), $string ); |
| 253 | } |
| 254 | |
| 255 | // Backwards compatibility |
| 256 | if ( 'single' === $_quote_style ) { |
| 257 | $string = str_replace( "'", ''', $string ); |
| 258 | } |
| 259 | |
| 260 | return $string; |
| 264 | * Converts a number of HTML entities into their special characters. |
| 265 | * |
| 266 | * Specifically deals with: &, <, >, ", and '. |
| 267 | * |
| 268 | * $quote_style can be set to ENT_COMPAT to decode " entities, |
| 269 | * or ENT_QUOTES to do both " and '. Default is ENT_NOQUOTES where no quotes are decoded. |
| 270 | * |
| 271 | * @since 2.8 |
| 272 | * |
| 273 | * @param string $string The text which is to be decoded. |
| 274 | * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old wp_specialchars() values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES. |
| 275 | * @return string The decoded text without HTML entities. |
| 276 | */ |
| 277 | function wp_specialchars_decode( $string, $quote_style = ENT_NOQUOTES ) |
| 278 | { |
| 279 | $string = (string) $string; |
| 280 | |
| 281 | if ( 0 === strlen( $string ) ) { |
| 282 | return ''; |
| 283 | } |
| 284 | |
| 285 | // More complete than get_html_translation_table( HTML_SPECIALCHARS ) |
| 286 | $single = array( ''' => '\'', ''' => '\'' ); |
| 287 | $single_preg = array( '/�*39;/' => ''', '/�*27;/i' => ''' ); |
| 288 | $double = array( '"' => '"', '"' => '"', '"' => '"' ); |
| 289 | $double_preg = array( '/�*34;/' => '"', '/�*22;/i' => '"' ); |
| 290 | $others = array( '<' => '<', '<' => '<', '>' => '>', '>' => '>', '&' => '&', '&' => '&', '&' => '&' ); |
| 291 | $others_preg = array( '/�*60;/' => '<', '/�*62;/' => '>', '/�*38;/' => '&', '/�*26;/i' => '&' ); |
| 292 | |
| 293 | switch ( $quote_style ) { |
| 294 | case ENT_QUOTES: |
| 295 | default: |
| 296 | $translation = array_merge( $single, $double, $others ); |
| 297 | $translation_preg = array_merge( $single_preg, $double_preg, $others_preg ); |
| 298 | break; |
| 299 | case ENT_COMPAT: |
| 300 | case 'double': |
| 301 | $translation = array_merge( $double, $others ); |
| 302 | $translation_preg = array_merge( $double_preg, $others_preg ); |
| 303 | break; |
| 304 | case 'single': |
| 305 | $translation = array_merge( $single, $others ); |
| 306 | $translation_preg = array_merge( $single_preg, $others_preg ); |
| 307 | break; |
| 308 | case ENT_NOQUOTES: |
| 309 | case false: |
| 310 | case 0: |
| 311 | case '': |
| 312 | case null: |
| 313 | $translation = $others; |
| 314 | $translation_preg = $others_preg; |
| 315 | break; |
| 316 | } |
| 317 | |
| 318 | // Remove zero padding on numeric entities |
| 319 | $string = preg_replace( array_keys( $translation_preg ), array_values( $translation_preg ), $string ); |
| 320 | |
| 321 | // Replace characters according to translation table |
| 322 | return strtr( $string, $translation ); |
| 323 | } |
| 324 | |
| 325 | /** |
| 326 | * Checks for invalid UTF8 in a string. |
| 327 | * |
| 328 | * @since 2.8 |
| 329 | * |
| 330 | * @param string $string The text which is to be checked. |
| 331 | * @param boolean $strip Optional. Whether to attempt to strip out invalid UTF8. Default is false. |
| 332 | * @return string The checked text. |
| 333 | */ |
| 334 | function wp_check_invalid_utf8( $string, $strip = false ) |
| 335 | { |
| 336 | $string = (string) $string; |
| 337 | |
| 338 | if ( 0 === strlen( $string ) ) { |
| 339 | return ''; |
| 340 | } |
| 341 | |
| 342 | if ( !in_array( get_option( 'blog_charset' ), array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) ) ) { |
| 343 | return $string; |
| 344 | } |
| 345 | |
| 346 | // preg_match fails when it encounters invalid UTF8 in $string |
| 347 | if ( 1 === @preg_match( '@^.@us', $string ) ) { |
| 348 | return $string; |
| 349 | } |
| 350 | |
| 351 | if ( $strip && function_exists( 'iconv' ) ) { |
| 352 | return iconv( 'utf-8', 'utf-8', $string ); |
| 353 | } else { |
| 354 | return ''; |
| 355 | } |
| 356 | } |
| 357 | |
| 358 | /** |
1745 | | $safe_text = wp_specialchars($text, 'double'); |
1746 | | $safe_text = preg_replace('/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes($safe_text)); |
1747 | | $safe_text = preg_replace("/\r?\n/", "\\n", addslashes($safe_text)); |
1748 | | return apply_filters('js_escape', $safe_text, $text); |
| 1884 | $safe_text = wp_check_invalid_utf8( $text ); |
| 1885 | $safe_text = wp_specialchars( $safe_text, ENT_COMPAT ); |
| 1886 | $safe_text = preg_replace( '/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes( $safe_text ) ); |
| 1887 | $safe_text = preg_replace( "/\r?\n/", "\\n", addslashes( $safe_text ) ); |
| 1888 | return apply_filters( 'js_escape', $safe_text, $text ); |
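Review bot: Both `switch ( $quote_style )` blocks (in `wp_specialchars` and `wp_specialchars_decode`) compare loosely, so on PHP versions before 8 the integer `0` (`ENT_NOQUOTES`, the declared default) equals the string in `case 'double':` and is handled as `ENT_COMPAT` before the `ENT_NOQUOTES` cases are reached. On the decode side this means double-quote entities are decoded for callers that asked for no quote handling. Normalising first and then comparing strictly would avoid this, e.g. `if ( empty( $quote_style ) ) { $quote_style = ENT_NOQUOTES; }` followed by `===` / `in_array( …, true )` tests instead of `case` labels. Separately, `|wp_entity|` and `|/wp_entity|` are in-band markers: if the input already contains that literal text, the final `str_replace` in `wp_specialchars` turns it into a bare `&` or `;` after `htmlspecialchars` has run, so the input should be checked for the marker (or the marker made unpredictable) before entities are tagged. The listing shows only changed lines, so the start of `js_escape` and any unchanged context are outside what is visible here.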