| 201 | | function wp_specialchars( $text, $quotes = 0 ) { |
| 202 | | // Like htmlspecialchars except don't double-encode HTML entities |
| 203 | | $text = str_replace('&&', '&&', $text); |
| 204 | | $text = str_replace('&&', '&&', $text); |
| 205 | | $text = preg_replace('/&(?:$|([^#])(?![a-z1-4]{1,8};))/', '&$1', $text); |
| 206 | | $text = str_replace('<', '<', $text); |
| 207 | | $text = str_replace('>', '>', $text); |
| 208 | | if ( 'double' === $quotes ) { |
| 209 | | $text = str_replace('"', '"', $text); |
| 210 | | } elseif ( 'single' === $quotes ) { |
| 211 | | $text = str_replace("'", ''', $text); |
| 212 | | } elseif ( $quotes ) { |
| 213 | | $text = str_replace('"', '"', $text); |
| 214 | | $text = str_replace("'", ''', $text); |
| | 202 | function wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) |
| | 203 | { |
| | 204 | $string = (string) $string; |
| | 205 | |
| | 206 | if ( 0 === strlen( $string ) ) { |
| | 207 | return ''; |
| 216 | | return $text; |
| | 209 | |
| | 210 | if ( !$charset ) { |
| | 211 | $charset = get_option( 'blog_charset' ); |
| | 212 | } |
| | 213 | if ( in_array( $charset, array( 'utf8', 'utf-8', 'UTF8' ) ) ) { |
| | 214 | $charset = 'UTF-8'; |
| | 215 | } |
| | 216 | |
| | 217 | switch ( $quote_style ) { |
| | 218 | case ENT_QUOTES: |
| | 219 | default: |
| | 220 | $quote_style = ENT_QUOTES; |
| | 221 | $_quote_style = ENT_QUOTES; |
| | 222 | break; |
| | 223 | case ENT_COMPAT: |
| | 224 | case 'double': |
| | 225 | $quote_style = ENT_COMPAT; |
| | 226 | $_quote_style = ENT_COMPAT; |
| | 227 | break; |
| | 228 | case 'single': |
| | 229 | $quote_style = ENT_NOQUOTES; |
| | 230 | $_quote_style = 'single'; |
| | 231 | break; |
| | 232 | case ENT_NOQUOTES: |
| | 233 | case false: |
| | 234 | case 0: |
| | 235 | case '': |
| | 236 | case null: |
| | 237 | $quote_style = ENT_NOQUOTES; |
| | 238 | $_quote_style = ENT_NOQUOTES; |
| | 239 | break; |
| | 240 | } |
| | 241 | |
| | 242 | // Handle double encoding ourselves |
| | 243 | if ( !$double_encode ) { |
| | 244 | $string = wp_specialchars_decode( $string, $_quote_style ); |
| | 245 | $string = preg_replace( '/&(#?x?[0-9]+|[a-z]+);/i', '|wp_entity|$1|/wp_entity|', $string ); |
| | 246 | } |
| | 247 | |
| | 248 | $string = htmlspecialchars( $string, $quote_style, $charset ); |
| | 249 | |
| | 250 | // Handle double encoding ourselves |
| | 251 | if ( !$double_encode ) { |
| | 252 | $string = str_replace( array( '|wp_entity|', '|/wp_entity|' ), array( '&', ';' ), $string ); |
| | 253 | } |
| | 254 | |
| | 255 | // Backwards compatibility |
| | 256 | if ( 'single' === $_quote_style ) { |
| | 257 | $string = str_replace( "'", ''', $string ); |
| | 258 | } |
| | 259 | |
| | 260 | return $string; |
| | 264 | * Converts a number of HTML entities into their special characters. |
| | 265 | * |
| | 266 | * Specifically deals with: &, <, >, ", and '. |
| | 267 | * |
| | 268 | * $quote_style can be set to ENT_COMPAT to decode " entities, |
| | 269 | * or ENT_QUOTES to do both " and '. Default is ENT_NOQUOTES where no quotes are decoded. |
| | 270 | * |
| | 271 | * @since 2.8 |
| | 272 | * |
| | 273 | * @param string $string The text which is to be decoded. |
| | 274 | * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old wp_specialchars() values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES. |
| | 275 | * @return string The decoded text without HTML entities. |
| | 276 | */ |
| | 277 | function wp_specialchars_decode( $string, $quote_style = ENT_NOQUOTES ) |
| | 278 | { |
| | 279 | $string = (string) $string; |
| | 280 | |
| | 281 | if ( 0 === strlen( $string ) ) { |
| | 282 | return ''; |
| | 283 | } |
| | 284 | |
| | 285 | // More complete than get_html_translation_table( HTML_SPECIALCHARS ) |
| | 286 | $single = array( ''' => '\'', ''' => '\'' ); |
| | 287 | $single_preg = array( '/�*39;/' => ''', '/�*27;/i' => ''' ); |
| | 288 | $double = array( '"' => '"', '"' => '"', '"' => '"' ); |
| | 289 | $double_preg = array( '/�*34;/' => '"', '/�*22;/i' => '"' ); |
| | 290 | $others = array( '<' => '<', '<' => '<', '>' => '>', '>' => '>', '&' => '&', '&' => '&', '&' => '&' ); |
| | 291 | $others_preg = array( '/�*60;/' => '<', '/�*62;/' => '>', '/�*38;/' => '&', '/�*26;/i' => '&' ); |
| | 292 | |
| | 293 | switch ( $quote_style ) { |
| | 294 | case ENT_QUOTES: |
| | 295 | default: |
| | 296 | $translation = array_merge( $single, $double, $others ); |
| | 297 | $translation_preg = array_merge( $single_preg, $double_preg, $others_preg ); |
| | 298 | break; |
| | 299 | case ENT_COMPAT: |
| | 300 | case 'double': |
| | 301 | $translation = array_merge( $double, $others ); |
| | 302 | $translation_preg = array_merge( $double_preg, $others_preg ); |
| | 303 | break; |
| | 304 | case 'single': |
| | 305 | $translation = array_merge( $single, $others ); |
| | 306 | $translation_preg = array_merge( $single_preg, $others_preg ); |
| | 307 | break; |
| | 308 | case ENT_NOQUOTES: |
| | 309 | case false: |
| | 310 | case 0: |
| | 311 | case '': |
| | 312 | case null: |
| | 313 | $translation = $others; |
| | 314 | $translation_preg = $others_preg; |
| | 315 | break; |
| | 316 | } |
| | 317 | |
| | 318 | // Remove zero padding on numeric entities |
| | 319 | $string = preg_replace( array_keys( $translation_preg ), array_values( $translation_preg ), $string ); |
| | 320 | |
| | 321 | // Replace characters according to translation table |
| | 322 | return strtr( $string, $translation ); |
| | 323 | } |
| | 324 | |
| | 325 | /** |
| | 326 | * Checks for invalid UTF8 in a string. |
| | 327 | * |
| | 328 | * @since 2.8 |
| | 329 | * |
| | 330 | * @param string $string The text which is to be checked. |
| | 331 | * @param boolean $strip Optional. Whether to attempt to strip out invalid UTF8. Default is false. |
| | 332 | * @return string The checked text. |
| | 333 | */ |
| | 334 | function wp_check_invalid_utf8( $string, $strip = false ) |
| | 335 | { |
| | 336 | $string = (string) $string; |
| | 337 | |
| | 338 | if ( 0 === strlen( $string ) ) { |
| | 339 | return ''; |
| | 340 | } |
| | 341 | |
| | 342 | if ( !in_array( get_option( 'blog_charset' ), array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) ) ) { |
| | 343 | return $string; |
| | 344 | } |
| | 345 | |
| | 346 | // preg_match fails when it encounters invalid UTF8 in $string |
| | 347 | if ( 1 === @preg_match( '@^.@us', $string ) ) { |
| | 348 | return $string; |
| | 349 | } |
| | 350 | |
| | 351 | if ( $strip && function_exists( 'iconv' ) ) { |
| | 352 | return iconv( 'utf-8', 'utf-8', $string ); |
| | 353 | } else { |
| | 354 | return ''; |
| | 355 | } |
| | 356 | } |
| | 357 | |
| | 358 | /** |
| 1745 | | $safe_text = wp_specialchars($text, 'double'); |
| 1746 | | $safe_text = preg_replace('/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes($safe_text)); |
| 1747 | | $safe_text = preg_replace("/\r?\n/", "\\n", addslashes($safe_text)); |
| 1748 | | return apply_filters('js_escape', $safe_text, $text); |
| | 1884 | $safe_text = wp_check_invalid_utf8( $text ); |
| | 1885 | $safe_text = wp_specialchars( $safe_text, ENT_COMPAT ); |
| | 1886 | $safe_text = preg_replace( '/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes( $safe_text ) ); |
| | 1887 | $safe_text = preg_replace( "/\r?\n/", "\\n", addslashes( $safe_text ) ); |
| | 1888 | return apply_filters( 'js_escape', $safe_text, $text ); |
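Review bot: The new `switch ( $quote_style )` in wp_specialchars() (new lines 217–240) mixes integer and string labels under loose comparison, so on PHP versions before 8, where `0 == 'double'` is true, the default `ENT_NOQUOTES` (0) matches `case 'double':` before it reaches `case ENT_NOQUOTES:` and is silently promoted to `ENT_COMPAT`. The switch in wp_specialchars_decode() (new lines 293–316) uses the same label order, which there means `&quot;` is decoded for callers that asked for no quote handling. Resolving the legacy string values with `===` before any integer test removes the dependence on type juggling; a sketch for wp_specialchars() follows. Separately, the `|wp_entity|` and `|/wp_entity|` markers on new lines 245 and 252 are plain text, so input that already contains them comes back as a raw `&` or `;` after htmlspecialchars(); a marker that cannot occur in the input would close that gap. Unchanged rows are not shown in this view, so this rests on the visible lines only.

```php
// … unchanged: string cast, empty-string return, charset lookup …
$_quote_style = $quote_style;
if ( 'double' === $quote_style ) {
	$quote_style  = ENT_COMPAT;
	$_quote_style = ENT_COMPAT;
} elseif ( 'single' === $quote_style ) {
	// htmlspecialchars() has no single-quote-only mode; handled after the call.
	$quote_style = ENT_NOQUOTES;
} elseif ( empty( $quote_style ) ) {
	$quote_style  = ENT_NOQUOTES;
	$_quote_style = ENT_NOQUOTES;
} elseif ( ENT_COMPAT !== $quote_style ) {
	// Anything unrecognised falls back to escaping both quote types.
	$quote_style  = ENT_QUOTES;
	$_quote_style = ENT_QUOTES;
}
// … unchanged: double-encode handling, htmlspecialchars(), 'single' fallback …
```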