WordPress.org

Make WordPress Core

Context Navigation

source: tags/2.7/wp-includes/formatting.php

Visit:

Last change on this file was 10150, checked in by ryan, 13 years ago
Strip trailing whitespace
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 66.5 KB

Line
1	<?php
2	/**
3	* Main Wordpress Formatting API.
4	*
5	* Handles many functions for formatting output.
6	*
7	* @package WordPress
8	**/
9
10	/**
11	* Replaces common plain text characters into formatted entities
12	*
13	* As an example,
14	* <code>
15	* 'cause today's effort makes it worth tomorrow's "holiday"...
16	* </code>
17	* Becomes:
18	* <code>
19	* ’cause today’s effort makes it worth tomorrow’s “holiday”…
20	* </code>
21	* Code within certain html blocks are skipped.
22	*
23	* @since 0.71
24	* @uses $wp_cockneyreplace Array of formatted entities for certain common phrases
25	*
26	* @param string $text The text to be formatted
27	* @return string The string replaced with html entities
28	*/
29	function wptexturize($text) {
30	global $wp_cockneyreplace;
31	$next = true;
32	$has_pre_parent = false;
33	$output = '';
34	$curl = '';
35	$textarr = preg_split('/(<.>\|\[.\])/Us', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
36	$stop = count($textarr);
37
38	// if a plugin has provided an autocorrect array, use it
39	if ( isset($wp_cockneyreplace) ) {
40	$cockney = array_keys($wp_cockneyreplace);
41	$cockneyreplace = array_values($wp_cockneyreplace);
42	} else {
43	$cockney = array("'tain't","'twere","'twas","'tis","'twill","'til","'bout","'nuff","'round","'cause");
44	$cockneyreplace = array("’tain’t","’twere","’twas","’tis","’twill","’til","’bout","’nuff","’round","’cause");
45	}
46
47	$static_characters = array_merge(array('---', ' -- ', '--', 'xn–', '...', '``', '\'s', '\'\'', ' (tm)'), $cockney);
48	$static_replacements = array_merge(array('—', ' — ', '–', 'xn--', '…', '“', '’s', '”', ' ™'), $cockneyreplace);
49
50	$dynamic_characters = array('/\'(\d\d(?:’\|\')?s)/', '/(\s\|\A\|")\'/', '/(\d+)"/', '/(\d+)\'/', '/(\S)\'([^\'\s])/', '/(\s\|\A)"(?!\s)/', '/"(\s\|\S\|\Z)/', '/\'([\s.]\|\Z)/', '/(\d+)x(\d+)/');
51	$dynamic_replacements = array('’$1','$1‘', '$1″', '$1′', '$1’$2', '$1“$2', '”$1', '’$1', '$1×$2');
52
53	for ( $i = 0; $i < $stop; $i++ ) {
54	$curl = $textarr[$i];
55
56	if ( !empty($curl) && '<' != $curl{0} && '[' != $curl{0} && $next && !$has_pre_parent) { // If it's not a tag
57	// static strings
58	$curl = str_replace($static_characters, $static_replacements, $curl);
59	// regular expressions
60	$curl = preg_replace($dynamic_characters, $dynamic_replacements, $curl);
61	} elseif (strpos($curl, '<code') !== false \|\| strpos($curl, '<kbd') !== false \|\| strpos($curl, '<style') !== false \|\| strpos($curl, '<script') !== false) {
62	$next = false;
63	} elseif (strpos($curl, '<pre') !== false) {
64	$has_pre_parent = true;
65	} elseif (strpos($curl, '</pre>') !== false) {
66	$has_pre_parent = false;
67	} else {
68	$next = true;
69	}
70
71	$curl = preg_replace('/&([^#])(?![a-zA-Z1-4]{1,8};)/', '&$1', $curl);
72	$output .= $curl;
73	}
74
75	return $output;
76	}
77
78	/**
79	* Accepts matches array from preg_replace_callback in wpautop() or a string.
80	*
81	* Ensures that the contents of a <<pre>>...<</pre>> HTML block are not
82	* converted into paragraphs or line-breaks.
83	*
84	* @since 1.2.0
85	*
86	* @param array\|string $matches The array or string
87	* @return string The pre block without paragraph/line-break conversion.
88	*/
89	function clean_pre($matches) {
90	if ( is_array($matches) )
91	$text = $matches[1] . $matches[2] . "</pre>";
92	else
93	$text = $matches;
94
95	$text = str_replace('<br />', '', $text);
96	$text = str_replace('<p>', "\n", $text);
97	$text = str_replace('</p>', '', $text);
98
99	return $text;
100	}
101
102	/**
103	* Replaces double line-breaks with paragraph elements.
104	*
105	* A group of regex replaces used to identify text formatted with newlines and
106	* replace double line-breaks with HTML paragraph tags. The remaining
107	* line-breaks after conversion become <<br />> tags, unless $br is set to '0'
108	* or 'false'.
109	*
110	* @since 0.71
111	*
112	* @param string $pee The text which has to be formatted.
113	* @param int\|bool $br Optional. If set, this will convert all remaining line-breaks after paragraphing. Default true.
114	* @return string Text which has been converted into correct paragraph tags.
115	*/
116	function wpautop($pee, $br = 1) {
117	$pee = $pee . "\n"; // just to make things a little easier, pad the end
118	$pee = preg_replace('\|<br />\s*<br />\|', "\n\n", $pee);
119	// Space things out a little
120	$allblocks = '(?:table\|thead\|tfoot\|caption\|colgroup\|tbody\|tr\|td\|th\|div\|dl\|dd\|dt\|ul\|ol\|li\|pre\|select\|form\|map\|area\|blockquote\|address\|math\|style\|input\|p\|h[1-6]\|hr)';
121	$pee = preg_replace('!(<' . $allblocks . '[^>]*>)!', "\n$1", $pee);
122	$pee = preg_replace('!(</' . $allblocks . '>)!', "$1\n\n", $pee);
123	$pee = str_replace(array("\r\n", "\r"), "\n", $pee); // cross-platform newlines
124	if ( strpos($pee, '<object') !== false ) {
125	$pee = preg_replace('\|\s<param([^>])>\s*\|', "<param$1>", $pee); // no pee inside object/embed
126	$pee = preg_replace('\|\s</embed>\s\|', '</embed>', $pee);
127	}
128	$pee = preg_replace("/\n\n+/", "\n\n", $pee); // take care of duplicates
129	// make paragraphs, including one at the end
130	$pees = preg_split('/\n\s*\n/', $pee, -1, PREG_SPLIT_NO_EMPTY);
131	$pee = '';
132	foreach ( $pees as $tinkle )
133	$pee .= '<p>' . trim($tinkle, "\n") . "</p>\n";
134	$pee = preg_replace('\|<p>\s*?</p>\|', '', $pee); // under certain strange conditions it could create a P of entirely whitespace
135	$pee = preg_replace('!<p>([^<]+)\s?(</(?:div\|address\|form)[^>]>)!', "<p>$1</p>$2", $pee);
136	$pee = preg_replace( '\|<p>\|', "$1<p>", $pee );
137	$pee = preg_replace('!<p>\s(</?' . $allblocks . '[^>]>)\s*</p>!', "$1", $pee); // don't pee all over a tag
138	$pee = preg_replace("\|<p>(<li.+?)</p>\|", "$1", $pee); // problem with nested lists
139	$pee = preg_replace('\|<p><blockquote([^>]*)>\|i', "<blockquote$1><p>", $pee);
140	$pee = str_replace('</blockquote></p>', '</p></blockquote>', $pee);
141	$pee = preg_replace('!<p>\s(</?' . $allblocks . '[^>]>)!', "$1", $pee);
142	$pee = preg_replace('!(</?' . $allblocks . '[^>]>)\s</p>!', "$1", $pee);
143	if ($br) {
144	$pee = preg_replace_callback('/<(script\|style).*?<\/\\1>/s', create_function('$matches', 'return str_replace("\n", "<WPPreserveNewline />", $matches[0]);'), $pee);
145	$pee = preg_replace('\|(?<!<br />)\s*\n\|', "<br />\n", $pee); // optionally make line breaks
146	$pee = str_replace('<WPPreserveNewline />', "\n", $pee);
147	}
148	$pee = preg_replace('!(</?' . $allblocks . '[^>]>)\s<br />!', "$1", $pee);
149	$pee = preg_replace('!<br />(\s</?(?:p\|li\|div\|dl\|dd\|dt\|th\|pre\|td\|ul\|ol)[^>]>)!', '$1', $pee);
150	if (strpos($pee, '<pre') !== false)
151	$pee = preg_replace_callback('!(<pre.?>)(.?)</pre>!is', 'clean_pre', $pee );
152	$pee = preg_replace( "\|\n</p>$\|", '</p>', $pee );
153	$pee = preg_replace('/<p>\s?(' . get_shortcode_regex() . ')\s<\/p>/s', '$1', $pee); // don't auto-p wrap shortcodes that stand alone
154
155	return $pee;
156	}
157
158	/**
159	* Checks to see if a string is utf8 encoded.
160	*
161	* @author bmorel at ssi dot fr
162	*
163	* @since 1.2.1
164	*
165	* @param string $Str The string to be checked
166	* @return bool True if $Str fits a UTF-8 model, false otherwise.
167	*/
168	function seems_utf8($Str) { # by bmorel at ssi dot fr
169	$length = strlen($Str);
170	for ($i=0; $i < $length; $i++) {
171	if (ord($Str[$i]) < 0x80) continue; # 0bbbbbbb
172	elseif ((ord($Str[$i]) & 0xE0) == 0xC0) $n=1; # 110bbbbb
173	elseif ((ord($Str[$i]) & 0xF0) == 0xE0) $n=2; # 1110bbbb
174	elseif ((ord($Str[$i]) & 0xF8) == 0xF0) $n=3; # 11110bbb
175	elseif ((ord($Str[$i]) & 0xFC) == 0xF8) $n=4; # 111110bb
176	elseif ((ord($Str[$i]) & 0xFE) == 0xFC) $n=5; # 1111110b
177	else return false; # Does not match any model
178	for ($j=0; $j<$n; $j++) { # n bytes matching 10bbbbbb follow ?
179	if ((++$i == $length) \|\| ((ord($Str[$i]) & 0xC0) != 0x80))
180	return false;
181	}
182	}
183	return true;
184	}
185
186	/**
187	* Converts a number of special characters into their HTML entities.
188	*
189	* Differs from htmlspecialchars as existing HTML entities will not be encoded.
190	* Specifically changes: & to &, < to < and > to >.
191	*
192	* $quotes can be set to 'single' to encode ' to ', 'double' to encode " to
193	* ", or '1' to do both. Default is 0 where no quotes are encoded.
194	*
195	* @since 1.2.2
196	*
197	* @param string $text The text which is to be encoded.
198	* @param mixed $quotes Optional. Converts single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default 0.
199	* @return string The encoded text with HTML entities.
200	*/
201	function wp_specialchars( $text, $quotes = 0 ) {
202	// Like htmlspecialchars except don't double-encode HTML entities
203	$text = str_replace('&&', '&&', $text);
204	$text = str_replace('&&', '&&', $text);
205	$text = preg_replace('/&(?:$\|([^#])(?![a-z1-4]{1,8};))/', '&$1', $text);
206	$text = str_replace('<', '<', $text);
207	$text = str_replace('>', '>', $text);
208	if ( 'double' === $quotes ) {
209	$text = str_replace('"', '"', $text);
210	} elseif ( 'single' === $quotes ) {
211	$text = str_replace("'", ''', $text);
212	} elseif ( $quotes ) {
213	$text = str_replace('"', '"', $text);
214	$text = str_replace("'", ''', $text);
215	}
216	return $text;
217	}
218
219	/**
220	* Encode the Unicode values to be used in the URI.
221	*
222	* @since 1.5.0
223	*
224	* @param string $utf8_string
225	* @param int $length Max length of the string
226	* @return string String with Unicode encoded for URI.
227	*/
228	function utf8_uri_encode( $utf8_string, $length = 0 ) {
229	$unicode = '';
230	$values = array();
231	$num_octets = 1;
232	$unicode_length = 0;
233
234	$string_length = strlen( $utf8_string );
235	for ($i = 0; $i < $string_length; $i++ ) {
236
237	$value = ord( $utf8_string[ $i ] );
238
239	if ( $value < 128 ) {
240	if ( $length && ( $unicode_length >= $length ) )
241	break;
242	$unicode .= chr($value);
243	$unicode_length++;
244	} else {
245	if ( count( $values ) == 0 ) $num_octets = ( $value < 224 ) ? 2 : 3;
246
247	$values[] = $value;
248
249	if ( $length && ( $unicode_length + ($num_octets * 3) ) > $length )
250	break;
251	if ( count( $values ) == $num_octets ) {
252	if ($num_octets == 3) {
253	$unicode .= '%' . dechex($values[0]) . '%' . dechex($values[1]) . '%' . dechex($values[2]);
254	$unicode_length += 9;
255	} else {
256	$unicode .= '%' . dechex($values[0]) . '%' . dechex($values[1]);
257	$unicode_length += 6;
258	}
259
260	$values = array();
261	$num_octets = 1;
262	}
263	}
264	}
265
266	return $unicode;
267	}
268
269	/**
270	* Converts all accent characters to ASCII characters.
271	*
272	* If there are no accent characters, then the string given is just returned.
273	*
274	* @since 1.2.1
275	*
276	* @param string $string Text that might have accent characters
277	* @return string Filtered string with replaced "nice" characters.
278	*/
279	function remove_accents($string) {
280	if ( !preg_match('/[\x80-\xff]/', $string) )
281	return $string;
282
283	if (seems_utf8($string)) {
284	$chars = array(
285	// Decompositions for Latin-1 Supplement
286	chr(195).chr(128) => 'A', chr(195).chr(129) => 'A',
287	chr(195).chr(130) => 'A', chr(195).chr(131) => 'A',
288	chr(195).chr(132) => 'A', chr(195).chr(133) => 'A',
289	chr(195).chr(135) => 'C', chr(195).chr(136) => 'E',
290	chr(195).chr(137) => 'E', chr(195).chr(138) => 'E',
291	chr(195).chr(139) => 'E', chr(195).chr(140) => 'I',
292	chr(195).chr(141) => 'I', chr(195).chr(142) => 'I',
293	chr(195).chr(143) => 'I', chr(195).chr(145) => 'N',
294	chr(195).chr(146) => 'O', chr(195).chr(147) => 'O',
295	chr(195).chr(148) => 'O', chr(195).chr(149) => 'O',
296	chr(195).chr(150) => 'O', chr(195).chr(153) => 'U',
297	chr(195).chr(154) => 'U', chr(195).chr(155) => 'U',
298	chr(195).chr(156) => 'U', chr(195).chr(157) => 'Y',
299	chr(195).chr(159) => 's', chr(195).chr(160) => 'a',
300	chr(195).chr(161) => 'a', chr(195).chr(162) => 'a',
301	chr(195).chr(163) => 'a', chr(195).chr(164) => 'a',
302	chr(195).chr(165) => 'a', chr(195).chr(167) => 'c',
303	chr(195).chr(168) => 'e', chr(195).chr(169) => 'e',
304	chr(195).chr(170) => 'e', chr(195).chr(171) => 'e',
305	chr(195).chr(172) => 'i', chr(195).chr(173) => 'i',
306	chr(195).chr(174) => 'i', chr(195).chr(175) => 'i',
307	chr(195).chr(177) => 'n', chr(195).chr(178) => 'o',
308	chr(195).chr(179) => 'o', chr(195).chr(180) => 'o',
309	chr(195).chr(181) => 'o', chr(195).chr(182) => 'o',
310	chr(195).chr(182) => 'o', chr(195).chr(185) => 'u',
311	chr(195).chr(186) => 'u', chr(195).chr(187) => 'u',
312	chr(195).chr(188) => 'u', chr(195).chr(189) => 'y',
313	chr(195).chr(191) => 'y',
314	// Decompositions for Latin Extended-A
315	chr(196).chr(128) => 'A', chr(196).chr(129) => 'a',
316	chr(196).chr(130) => 'A', chr(196).chr(131) => 'a',
317	chr(196).chr(132) => 'A', chr(196).chr(133) => 'a',
318	chr(196).chr(134) => 'C', chr(196).chr(135) => 'c',
319	chr(196).chr(136) => 'C', chr(196).chr(137) => 'c',
320	chr(196).chr(138) => 'C', chr(196).chr(139) => 'c',
321	chr(196).chr(140) => 'C', chr(196).chr(141) => 'c',
322	chr(196).chr(142) => 'D', chr(196).chr(143) => 'd',
323	chr(196).chr(144) => 'D', chr(196).chr(145) => 'd',
324	chr(196).chr(146) => 'E', chr(196).chr(147) => 'e',
325	chr(196).chr(148) => 'E', chr(196).chr(149) => 'e',
326	chr(196).chr(150) => 'E', chr(196).chr(151) => 'e',
327	chr(196).chr(152) => 'E', chr(196).chr(153) => 'e',
328	chr(196).chr(154) => 'E', chr(196).chr(155) => 'e',
329	chr(196).chr(156) => 'G', chr(196).chr(157) => 'g',
330	chr(196).chr(158) => 'G', chr(196).chr(159) => 'g',
331	chr(196).chr(160) => 'G', chr(196).chr(161) => 'g',
332	chr(196).chr(162) => 'G', chr(196).chr(163) => 'g',
333	chr(196).chr(164) => 'H', chr(196).chr(165) => 'h',
334	chr(196).chr(166) => 'H', chr(196).chr(167) => 'h',
335	chr(196).chr(168) => 'I', chr(196).chr(169) => 'i',
336	chr(196).chr(170) => 'I', chr(196).chr(171) => 'i',
337	chr(196).chr(172) => 'I', chr(196).chr(173) => 'i',
338	chr(196).chr(174) => 'I', chr(196).chr(175) => 'i',
339	chr(196).chr(176) => 'I', chr(196).chr(177) => 'i',
340	chr(196).chr(178) => 'IJ',chr(196).chr(179) => 'ij',
341	chr(196).chr(180) => 'J', chr(196).chr(181) => 'j',
342	chr(196).chr(182) => 'K', chr(196).chr(183) => 'k',
343	chr(196).chr(184) => 'k', chr(196).chr(185) => 'L',
344	chr(196).chr(186) => 'l', chr(196).chr(187) => 'L',
345	chr(196).chr(188) => 'l', chr(196).chr(189) => 'L',
346	chr(196).chr(190) => 'l', chr(196).chr(191) => 'L',
347	chr(197).chr(128) => 'l', chr(197).chr(129) => 'L',
348	chr(197).chr(130) => 'l', chr(197).chr(131) => 'N',
349	chr(197).chr(132) => 'n', chr(197).chr(133) => 'N',
350	chr(197).chr(134) => 'n', chr(197).chr(135) => 'N',
351	chr(197).chr(136) => 'n', chr(197).chr(137) => 'N',
352	chr(197).chr(138) => 'n', chr(197).chr(139) => 'N',
353	chr(197).chr(140) => 'O', chr(197).chr(141) => 'o',
354	chr(197).chr(142) => 'O', chr(197).chr(143) => 'o',
355	chr(197).chr(144) => 'O', chr(197).chr(145) => 'o',
356	chr(197).chr(146) => 'OE',chr(197).chr(147) => 'oe',
357	chr(197).chr(148) => 'R',chr(197).chr(149) => 'r',
358	chr(197).chr(150) => 'R',chr(197).chr(151) => 'r',
359	chr(197).chr(152) => 'R',chr(197).chr(153) => 'r',
360	chr(197).chr(154) => 'S',chr(197).chr(155) => 's',
361	chr(197).chr(156) => 'S',chr(197).chr(157) => 's',
362	chr(197).chr(158) => 'S',chr(197).chr(159) => 's',
363	chr(197).chr(160) => 'S', chr(197).chr(161) => 's',
364	chr(197).chr(162) => 'T', chr(197).chr(163) => 't',
365	chr(197).chr(164) => 'T', chr(197).chr(165) => 't',
366	chr(197).chr(166) => 'T', chr(197).chr(167) => 't',
367	chr(197).chr(168) => 'U', chr(197).chr(169) => 'u',
368	chr(197).chr(170) => 'U', chr(197).chr(171) => 'u',
369	chr(197).chr(172) => 'U', chr(197).chr(173) => 'u',
370	chr(197).chr(174) => 'U', chr(197).chr(175) => 'u',
371	chr(197).chr(176) => 'U', chr(197).chr(177) => 'u',
372	chr(197).chr(178) => 'U', chr(197).chr(179) => 'u',
373	chr(197).chr(180) => 'W', chr(197).chr(181) => 'w',
374	chr(197).chr(182) => 'Y', chr(197).chr(183) => 'y',
375	chr(197).chr(184) => 'Y', chr(197).chr(185) => 'Z',
376	chr(197).chr(186) => 'z', chr(197).chr(187) => 'Z',
377	chr(197).chr(188) => 'z', chr(197).chr(189) => 'Z',
378	chr(197).chr(190) => 'z', chr(197).chr(191) => 's',
379	// Euro Sign
380	chr(226).chr(130).chr(172) => 'E',
381	// GBP (Pound) Sign
382	chr(194).chr(163) => '');
383
384	$string = strtr($string, $chars);
385	} else {
386	// Assume ISO-8859-1 if not UTF-8
387	$chars['in'] = chr(128).chr(131).chr(138).chr(142).chr(154).chr(158)
388	.chr(159).chr(162).chr(165).chr(181).chr(192).chr(193).chr(194)
389	.chr(195).chr(196).chr(197).chr(199).chr(200).chr(201).chr(202)
390	.chr(203).chr(204).chr(205).chr(206).chr(207).chr(209).chr(210)
391	.chr(211).chr(212).chr(213).chr(214).chr(216).chr(217).chr(218)
392	.chr(219).chr(220).chr(221).chr(224).chr(225).chr(226).chr(227)
393	.chr(228).chr(229).chr(231).chr(232).chr(233).chr(234).chr(235)
394	.chr(236).chr(237).chr(238).chr(239).chr(241).chr(242).chr(243)
395	.chr(244).chr(245).chr(246).chr(248).chr(249).chr(250).chr(251)
396	.chr(252).chr(253).chr(255);
397
398	$chars['out'] = "EfSZszYcYuAAAAAACEEEEIIIINOOOOOOUUUUYaaaaaaceeeeiiiinoooooouuuuyy";
399
400	$string = strtr($string, $chars['in'], $chars['out']);
401	$double_chars['in'] = array(chr(140), chr(156), chr(198), chr(208), chr(222), chr(223), chr(230), chr(240), chr(254));
402	$double_chars['out'] = array('OE', 'oe', 'AE', 'DH', 'TH', 'ss', 'ae', 'dh', 'th');
403	$string = str_replace($double_chars['in'], $double_chars['out'], $string);
404	}
405
406	return $string;
407	}
408
409	/**
410	* Filters certain characters from the file name.
411	*
412	* Turns all strings to lowercase removing most characters except alphanumeric
413	* with spaces, dashes and periods. All spaces and underscores are converted to
414	* dashes. Multiple dashes are converted to a single dash. Finally, if the file
415	* name ends with a dash, it is removed.
416	*
417	* @since 2.1.0
418	*
419	* @param string $name The file name
420	* @return string Sanitized file name
421	*/
422	function sanitize_file_name( $name ) { // Like sanitize_title, but with periods
423	$name = strtolower( $name );
424	$name = preg_replace('/&.+?;/', '', $name); // kill entities
425	$name = str_replace( '_', '-', $name );
426	$name = preg_replace('/[^a-z0-9\s-.]/', '', $name);
427	$name = preg_replace('/\s+/', '-', $name);
428	$name = preg_replace('\|-+\|', '-', $name);
429	$name = trim($name, '-');
430	return $name;
431	}
432
433	/**
434	* Sanitize username stripping out unsafe characters.
435	*
436	* If $strict is true, only alphanumeric characters (as well as _, space, ., -,
437	* @) are returned.
438	* Removes tags, octets, entities, and if strict is enabled, will remove all
439	* non-ASCII characters. After sanitizing, it passes the username, raw username
440	* (the username in the parameter), and the strict parameter as parameters for
441	* the filter.
442	*
443	* @since 2.0.0
444	* @uses apply_filters() Calls 'sanitize_user' hook on username, raw username,
445	* and $strict parameter.
446	*
447	* @param string $username The username to be sanitized.
448	* @param bool $strict If set limits $username to specific characters. Default false.
449	* @return string The sanitized username, after passing through filters.
450	*/
451	function sanitize_user( $username, $strict = false ) {
452	$raw_username = $username;
453	$username = strip_tags($username);
454	// Kill octets
455	$username = preg_replace('\|%([a-fA-F0-9][a-fA-F0-9])\|', '', $username);
456	$username = preg_replace('/&.+?;/', '', $username); // Kill entities
457
458	// If strict, reduce to ASCII for max portability.
459	if ( $strict )
460	$username = preg_replace('\|[^a-z0-9 _.\-@]\|i', '', $username);
461
462	// Consolidate contiguous whitespace
463	$username = preg_replace('\|\s+\|', ' ', $username);
464
465	return apply_filters('sanitize_user', $username, $raw_username, $strict);
466	}
467
468	/**
469	* Sanitizes title or use fallback title.
470	*
471	* Specifically, HTML and PHP tags are stripped. Further actions can be added
472	* via the plugin API. If $title is empty and $fallback_title is set, the latter
473	* will be used.
474	*
475	* @since 1.0.0
476	*
477	* @param string $title The string to be sanitized.
478	* @param string $fallback_title Optional. A title to use if $title is empty.
479	* @return string The sanitized string.
480	*/
481	function sanitize_title($title, $fallback_title = '') {
482	$title = strip_tags($title);
483	$title = apply_filters('sanitize_title', $title);
484
485	if ( '' === $title \|\| false === $title )
486	$title = $fallback_title;
487
488	return $title;
489	}
490
491	/**
492	* Sanitizes title, replacing whitespace with dashes.
493	*
494	* Limits the output to alphanumeric characters, underscore (_) and dash (-).
495	* Whitespace becomes a dash.
496	*
497	* @since 1.2.0
498	*
499	* @param string $title The title to be sanitized.
500	* @return string The sanitized title.
501	*/
502	function sanitize_title_with_dashes($title) {
503	$title = strip_tags($title);
504	// Preserve escaped octets.
505	$title = preg_replace('\|%([a-fA-F0-9][a-fA-F0-9])\|', '---$1---', $title);
506	// Remove percent signs that are not part of an octet.
507	$title = str_replace('%', '', $title);
508	// Restore octets.
509	$title = preg_replace('\|---([a-fA-F0-9][a-fA-F0-9])---\|', '%$1', $title);
510
511	$title = remove_accents($title);
512	if (seems_utf8($title)) {
513	if (function_exists('mb_strtolower')) {
514	$title = mb_strtolower($title, 'UTF-8');
515	}
516	$title = utf8_uri_encode($title, 200);
517	}
518
519	$title = strtolower($title);
520	$title = preg_replace('/&.+?;/', '', $title); // kill entities
521	$title = preg_replace('/[^%a-z0-9 _-]/', '', $title);
522	$title = preg_replace('/\s+/', '-', $title);
523	$title = preg_replace('\|-+\|', '-', $title);
524	$title = trim($title, '-');
525
526	return $title;
527	}
528
529	/**
530	* Ensures a string is a valid SQL order by clause.
531	*
532	* Accepts one or more columns, with or without ASC/DESC, and also accepts
533	* RAND().
534	*
535	* @since 2.5.1
536	*
537	* @param string $orderby Order by string to be checked.
538	* @return string\|false Returns the order by clause if it is a match, false otherwise.
539	*/
540	function sanitize_sql_orderby( $orderby ){
541	preg_match('/^\s([a-z0-9_]+(\s+(ASC\|DESC))?(\s,\s\|\s$))+\|^\sRAND\(\s\)\s*$/i', $orderby, $obmatches);
542	if ( !$obmatches )
543	return false;
544	return $orderby;
545	}
546
547	/**
548	* Converts a number of characters from a string.
549	*
550	* Metadata tags <<title>> and <<category>> are removed, <<br>> and <<hr>> are
551	* converted into correct XHTML and Unicode characters are converted to the
552	* valid range.
553	*
554	* @since 0.71
555	*
556	* @param string $content String of characters to be converted.
557	* @param string $deprecated Not used.
558	* @return string Converted string.
559	*/
560	function convert_chars($content, $deprecated = '') {
561	// Translation of invalid Unicode references range to valid range
562	$wp_htmltranswinuni = array(
563	'' => '€', // the Euro sign
564	'' => '',
565	'' => '‚', // these are Windows CP1252 specific characters
566	'' => 'ƒ', // they would look weird on non-Windows browsers
567	'' => '„',
568	'' => '…',
569	'' => '†',
570	'' => '‡',
571	'' => 'ˆ',
572	'' => '‰',
573	'' => 'Š',
574	'' => '‹',
575	'' => 'Œ',
576	'' => '',
577	'' => 'ž',
578	'' => '',
579	'' => '',
580	'' => '‘',
581	'' => '’',
582	'' => '“',
583	'' => '”',
584	'' => '•',
585	'' => '–',
586	'' => '—',
587	'' => '˜',
588	'' => '™',
589	'' => 'š',
590	'' => '›',
591	'' => 'œ',
592	'' => '',
593	'' => '',
594	'' => 'Ÿ'
595	);
596
597	// Remove metadata tags
598	$content = preg_replace('/<title>(.+?)<\/title>/','',$content);
599	$content = preg_replace('/<category>(.+?)<\/category>/','',$content);
600
601	// Converts lone & characters into & (a.k.a. &)
602	$content = preg_replace('/&([^#])(?![a-z1-4]{1,8};)/i', '&$1', $content);
603
604	// Fix Word pasting
605	$content = strtr($content, $wp_htmltranswinuni);
606
607	// Just a little XHTML help
608	$content = str_replace('<br>', '<br />', $content);
609	$content = str_replace('<hr>', '<hr />', $content);
610
611	return $content;
612	}
613
614	/**
615	* Fixes javascript bugs in browsers.
616	*
617	* Converts unicode characters to HTML numbered entities.
618	*
619	* @since 1.5.0
620	* @uses $is_macIE
621	* @uses $is_winIE
622	*
623	* @param string $text Text to be made safe.
624	* @return string Fixed text.
625	*/
626	function funky_javascript_fix($text) {
627	// Fixes for browsers' javascript bugs
628	global $is_macIE, $is_winIE;
629
630	/** @todo use preg_replace_callback() instead */
631	if ( $is_winIE \|\| $is_macIE )
632	$text = preg_replace("/\%u([0-9A-F]{4,4})/e", "'&#'.base_convert('\\1',16,10).';'", $text);
633
634	return $text;
635	}
636
637	/**
638	* Will only balance the tags if forced to and the option is set to balance tags.
639	*
640	* The option 'use_balanceTags' is used for whether the tags will be balanced.
641	* Both the $force parameter and 'use_balanceTags' option will have to be true
642	* before the tags will be balanced.
643	*
644	* @since 0.71
645	*
646	* @param string $text Text to be balanced
647	* @param bool $force Forces balancing, ignoring the value of the option. Default false.
648	* @return string Balanced text
649	*/
650	function balanceTags( $text, $force = false ) {
651	if ( !$force && get_option('use_balanceTags') == 0 )
652	return $text;
653	return force_balance_tags( $text );
654	}
655
656	/**
657	* Balances tags of string using a modified stack.
658	*
659	* @since 2.0.4
660	*
661	* @author Leonard Lin <leonard@acm.org>
662	* @license GPL v2.0
663	* @copyright November 4, 2001
664	* @version 1.1
665	* @todo Make better - change loop condition to $text in 1.2
666	* @internal Modified by Scott Reilly (coffee2code) 02 Aug 2004
667	* 1.1 Fixed handling of append/stack pop order of end text
668	* Added Cleaning Hooks
669	* 1.0 First Version
670	*
671	* @param string $text Text to be balanced.
672	* @return string Balanced text.
673	*/
674	function force_balance_tags( $text ) {
675	$tagstack = array(); $stacksize = 0; $tagqueue = ''; $newtext = '';
676	$single_tags = array('br', 'hr', 'img', 'input'); //Known single-entity/self-closing tags
677	$nestable_tags = array('blockquote', 'div', 'span'); //Tags that can be immediately nested within themselves
678
679	# WP bug fix for comments - in case you REALLY meant to type '< !--'
680	$text = str_replace('< !--', '< !--', $text);
681	# WP bug fix for LOVE <3 (and other situations with '<' before a number)
682	$text = preg_replace('#<([0-9]{1})#', '<$1', $text);
683
684	while (preg_match("/<(\/?\w)\s([^>]*)>/",$text,$regex)) {
685	$newtext .= $tagqueue;
686
687	$i = strpos($text,$regex[0]);
688	$l = strlen($regex[0]);
689
690	// clear the shifter
691	$tagqueue = '';
692	// Pop or Push
693	if ($regex[1][0] == "/") { // End Tag
694	$tag = strtolower(substr($regex[1],1));
695	// if too many closing tags
696	if($stacksize <= 0) {
697	$tag = '';
698	//or close to be safe $tag = '/' . $tag;
699	}
700	// if stacktop value = tag close value then pop
701	else if ($tagstack[$stacksize - 1] == $tag) { // found closing tag
702	$tag = '</' . $tag . '>'; // Close Tag
703	// Pop
704	array_pop ($tagstack);
705	$stacksize--;
706	} else { // closing tag not at top, search for it
707	for ($j=$stacksize-1;$j>=0;$j--) {
708	if ($tagstack[$j] == $tag) {
709	// add tag to tagqueue
710	for ($k=$stacksize-1;$k>=$j;$k--){
711	$tagqueue .= '</' . array_pop ($tagstack) . '>';
712	$stacksize--;
713	}
714	break;
715	}
716	}
717	$tag = '';
718	}
719	} else { // Begin Tag
720	$tag = strtolower($regex[1]);
721
722	// Tag Cleaning
723
724	// If self-closing or '', don't do anything.
725	if((substr($regex[2],-1) == '/') \|\| ($tag == '')) {
726	}
727	// ElseIf it's a known single-entity tag but it doesn't close itself, do so
728	elseif ( in_array($tag, $single_tags) ) {
729	$regex[2] .= '/';
730	} else { // Push the tag onto the stack
731	// If the top of the stack is the same as the tag we want to push, close previous tag
732	if (($stacksize > 0) && !in_array($tag, $nestable_tags) && ($tagstack[$stacksize - 1] == $tag)) {
733	$tagqueue = '</' . array_pop ($tagstack) . '>';
734	$stacksize--;
735	}
736	$stacksize = array_push ($tagstack, $tag);
737	}
738
739	// Attributes
740	$attributes = $regex[2];
741	if($attributes) {
742	$attributes = ' '.$attributes;
743	}
744	$tag = '<'.$tag.$attributes.'>';
745	//If already queuing a close tag, then put this tag on, too
746	if ($tagqueue) {
747	$tagqueue .= $tag;
748	$tag = '';
749	}
750	}
751	$newtext .= substr($text,0,$i) . $tag;
752	$text = substr($text,$i+$l);
753	}
754
755	// Clear Tag Queue
756	$newtext .= $tagqueue;
757
758	// Add Remaining text
759	$newtext .= $text;
760
761	// Empty Stack
762	while($x = array_pop($tagstack)) {
763	$newtext .= '</' . $x . '>'; // Add remaining tags to close
764	}
765
766	// WP fix for the bug with HTML comments
767	$newtext = str_replace("< !--","<!--",$newtext);
768	$newtext = str_replace("< !--","< !--",$newtext);
769
770	return $newtext;
771	}
772
773	/**
774	* Acts on text which is about to be edited.
775	*
776	* Unless $richedit is set, it is simply a holder for the 'format_to_edit'
777	* filter. If $richedit is set true htmlspecialchars() will be run on the
778	* content, converting special characters to HTMl entities.
779	*
780	* @since 0.71
781	*
782	* @param string $content The text about to be edited.
783	* @param bool $richedit Whether or not the $content should pass through htmlspecialchars(). Default false.
784	* @return string The text after the filter (and possibly htmlspecialchars()) has been run.
785	*/
786	function format_to_edit($content, $richedit = false) {
787	$content = apply_filters('format_to_edit', $content);
788	if (! $richedit )
789	$content = htmlspecialchars($content);
790	return $content;
791	}
792
793	/**
794	* Holder for the 'format_to_post' filter.
795	*
796	* @since 0.71
797	*
798	* @param string $content The text to pass through the filter.
799	* @return string Text returned from the 'format_to_post' filter.
800	*/
801	function format_to_post($content) {
802	$content = apply_filters('format_to_post', $content);
803	return $content;
804	}
805
806	/**
807	* Add leading zeros when necessary.
808	*
809	* If you set the threshold to '4' and the number is '10', then you will get
810	* back '0010'. If you set the number to '4' and the number is '5000', then you
811	* will get back '5000'.
812	*
813	* Uses sprintf to append the amount of zeros based on the $threshold parameter
814	* and the size of the number. If the number is large enough, then no zeros will
815	* be appended.
816	*
817	* @since 0.71
818	*
819	* @param mixed $number Number to append zeros to if not greater than threshold.
820	* @param int $threshold Digit places number needs to be to not have zeros added.
821	* @return string Adds leading zeros to number if needed.
822	*/
823	function zeroise($number, $threshold) {
824	return sprintf('%0'.$threshold.'s', $number);
825	}
826
827	/**
828	* Adds backslashes before letters and before a number at the start of a string.
829	*
830	* @since 0.71
831	*
832	* @param string $string Value to which backslashes will be added.
833	* @return string String with backslashes inserted.
834	*/
835	function backslashit($string) {
836	$string = preg_replace('/^([0-9])/', '\\\\\\\\\1', $string);
837	$string = preg_replace('/([a-z])/i', '\\\\\1', $string);
838	return $string;
839	}
840
841	/**
842	* Appends a trailing slash.
843	*
844	* Will remove trailing slash if it exists already before adding a trailing
845	* slash. This prevents double slashing a string or path.
846	*
847	* The primary use of this is for paths and thus should be used for paths. It is
848	* not restricted to paths and offers no specific path support.
849	*
850	* @since 1.2.0
851	* @uses untrailingslashit() Unslashes string if it was slashed already.
852	*
853	* @param string $string What to add the trailing slash to.
854	* @return string String with trailing slash added.
855	*/
856	function trailingslashit($string) {
857	return untrailingslashit($string) . '/';
858	}
859
860	/**
861	* Removes trailing slash if it exists.
862	*
863	* The primary use of this is for paths and thus should be used for paths. It is
864	* not restricted to paths and offers no specific path support.
865	*
866	* @since 2.2.0
867	*
868	* @param string $string What to remove the trailing slash from.
869	* @return string String without the trailing slash.
870	*/
871	function untrailingslashit($string) {
872	return rtrim($string, '/');
873	}
874
875	/**
876	* Adds slashes to escape strings.
877	*
878	* Slashes will first be removed if magic_quotes_gpc is set, see {@link
879	* http://www.php.net/magic_quotes} for more details.
880	*
881	* @since 0.71
882	*
883	* @param string $gpc The string returned from HTTP request data.
884	* @return string Returns a string escaped with slashes.
885	*/
886	function addslashes_gpc($gpc) {
887	global $wpdb;
888
889	if (get_magic_quotes_gpc()) {
890	$gpc = stripslashes($gpc);
891	}
892
893	return $wpdb->escape($gpc);
894	}
895
896	/**
897	* Navigates through an array and removes slashes from the values.
898	*
899	* If an array is passed, the array_map() function causes a callback to pass the
900	* value back to the function. The slashes from this value will removed.
901	*
902	* @since 2.0.0
903	*
904	* @param array\|string $value The array or string to be striped.
905	* @return array\|string Stripped array (or string in the callback).
906	*/
907	function stripslashes_deep($value) {
908	$value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
909	return $value;
910	}
911
912	/**
913	* Navigates through an array and encodes the values to be used in a URL.
914	*
915	* Uses a callback to pass the value of the array back to the function as a
916	* string.
917	*
918	* @since 2.2.0
919	*
920	* @param array\|string $value The array or string to be encoded.
921	* @return array\|string $value The encoded array (or string from the callback).
922	*/
923	function urlencode_deep($value) {
924	$value = is_array($value) ? array_map('urlencode_deep', $value) : urlencode($value);
925	return $value;
926	}
927
928	/**
929	* Converts email addresses characters to HTML entities to block spam bots.
930	*
931	* @since 0.71
932	*
933	* @param string $emailaddy Email address.
934	* @param int $mailto Optional. Range from 0 to 1. Used for encoding.
935	* @return string Converted email address.
936	*/
937	function antispambot($emailaddy, $mailto=0) {
938	$emailNOSPAMaddy = '';
939	srand ((float) microtime() * 1000000);
940	for ($i = 0; $i < strlen($emailaddy); $i = $i + 1) {
941	$j = floor(rand(0, 1+$mailto));
942	if ($j==0) {
943	$emailNOSPAMaddy .= '&#'.ord(substr($emailaddy,$i,1)).';';
944	} elseif ($j==1) {
945	$emailNOSPAMaddy .= substr($emailaddy,$i,1);
946	} elseif ($j==2) {
947	$emailNOSPAMaddy .= '%'.zeroise(dechex(ord(substr($emailaddy, $i, 1))), 2);
948	}
949	}
950	$emailNOSPAMaddy = str_replace('@','@',$emailNOSPAMaddy);
951	return $emailNOSPAMaddy;
952	}
953
954	/**
955	* Callback to convert URI match to HTML A element.
956	*
957	* This function was backported from 2.5.0 to 2.3.2. Regex callback for {@link
958	* make_clickable()}.
959	*
960	* @since 2.3.2
961	* @access private
962	*
963	* @param array $matches Single Regex Match.
964	* @return string HTML A element with URI address.
965	*/
966	function _make_url_clickable_cb($matches) {
967	$ret = '';
968	$url = $matches[2];
969	$url = clean_url($url);
970	if ( empty($url) )
971	return $matches[0];
972	// removed trailing [.,;:] from URL
973	if ( in_array(substr($url, -1), array('.', ',', ';', ':')) === true ) {
974	$ret = substr($url, -1);
975	$url = substr($url, 0, strlen($url)-1);
976	}
977	return $matches[1] . "<a href=\"$url\" rel=\"nofollow\">$url</a>" . $ret;
978	}
979
980	/**
981	* Callback to convert URL match to HTML A element.
982	*
983	* This function was backported from 2.5.0 to 2.3.2. Regex callback for {@link
984	* make_clickable()}.
985	*
986	* @since 2.3.2
987	* @access private
988	*
989	* @param array $matches Single Regex Match.
990	* @return string HTML A element with URL address.
991	*/
992	function _make_web_ftp_clickable_cb($matches) {
993	$ret = '';
994	$dest = $matches[2];
995	$dest = 'http://' . $dest;
996	$dest = clean_url($dest);
997	if ( empty($dest) )
998	return $matches[0];
999	// removed trailing [,;:] from URL
1000	if ( in_array(substr($dest, -1), array('.', ',', ';', ':')) === true ) {
1001	$ret = substr($dest, -1);
1002	$dest = substr($dest, 0, strlen($dest)-1);
1003	}
1004	return $matches[1] . "<a href=\"$dest\" rel=\"nofollow\">$dest</a>" . $ret;
1005	}
1006
1007	/**
1008	* Callback to convert email address match to HTML A element.
1009	*
1010	* This function was backported from 2.5.0 to 2.3.2. Regex callback for {@link
1011	* make_clickable()}.
1012	*
1013	* @since 2.3.2
1014	* @access private
1015	*
1016	* @param array $matches Single Regex Match.
1017	* @return string HTML A element with email address.
1018	*/
1019	function _make_email_clickable_cb($matches) {
1020	$email = $matches[2] . '@' . $matches[3];
1021	return $matches[1] . "<a href=\"mailto:$email\">$email</a>";
1022	}
1023
1024	/**
1025	* Convert plaintext URI to HTML links.
1026	*
1027	* Converts URI, www and ftp, and email addresses. Finishes by fixing links
1028	* within links.
1029	*
1030	* @since 0.71
1031	*
1032	* @param string $ret Content to convert URIs.
1033	* @return string Content with converted URIs.
1034	*/
1035	function make_clickable($ret) {
1036	$ret = ' ' . $ret;
1037	// in testing, using arrays here was found to be faster
1038	$ret = preg_replace_callback('#([\s>])([\w]+?://[\w\\x80-\\xff\#$%&~/.\-;:=,?@\[\]+]*)#is', '_make_url_clickable_cb', $ret);
1039	$ret = preg_replace_callback('#([\s>])((www\|ftp)\.[\w\\x80-\\xff\#$%&~/.\-;:=,?@\[\]+]*)#is', '_make_web_ftp_clickable_cb', $ret);
1040	$ret = preg_replace_callback('#([\s>])([.0-9a-z_+-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,})#i', '_make_email_clickable_cb', $ret);
1041	// this one is not in an array because we need it to run last, for cleanup of accidental links within links
1042	$ret = preg_replace("#(<a( [^>]+?>\|>))<a [^>]+?>([^>]+?)</a></a>#i", "$1$3</a>", $ret);
1043	$ret = trim($ret);
1044	return $ret;
1045	}
1046
1047	/**
1048	* Adds rel nofollow string to all HTML A elements in content.
1049	*
1050	* @since 1.5.0
1051	*
1052	* @param string $text Content that may contain HTML A elements.
1053	* @return string Converted content.
1054	*/
1055	function wp_rel_nofollow( $text ) {
1056	global $wpdb;
1057	// This is a pre save filter, so text is already escaped.
1058	$text = stripslashes($text);
1059	$text = preg_replace_callback('\|<a (.+?)>\|i', 'wp_rel_nofollow_callback', $text);
1060	$text = $wpdb->escape($text);
1061	return $text;
1062	}
1063
1064	/**
1065	* Callback to used to add rel=nofollow string to HTML A element.
1066	*
1067	* Will remove already existing rel="nofollow" and rel='nofollow' from the
1068	* string to prevent from invalidating (X)HTML.
1069	*
1070	* @since 2.3.0
1071	*
1072	* @param array $matches Single Match
1073	* @return string HTML A Element with rel nofollow.
1074	*/
1075	function wp_rel_nofollow_callback( $matches ) {
1076	$text = $matches[1];
1077	$text = str_replace(array(' rel="nofollow"', " rel='nofollow'"), '', $text);
1078	return "<a $text rel=\"nofollow\">";
1079	}
1080
1081	/**
1082	* Convert text equivalent of smilies to images.
1083	*
1084	* Will only convert smilies if the option 'use_smilies' is true and the globals
1085	* used in the function aren't empty.
1086	*
1087	* @since 0.71
1088	* @uses $wp_smiliessearch, $wp_smiliesreplace Smiley replacement arrays.
1089	*
1090	* @param string $text Content to convert smilies from text.
1091	* @return string Converted content with text smilies replaced with images.
1092	*/
1093	function convert_smilies($text) {
1094	global $wp_smiliessearch, $wp_smiliesreplace;
1095	$output = '';
1096	if ( get_option('use_smilies') && !empty($wp_smiliessearch) && !empty($wp_smiliesreplace) ) {
1097	// HTML loop taken from texturize function, could possible be consolidated
1098	$textarr = preg_split("/(<.*>)/U", $text, -1, PREG_SPLIT_DELIM_CAPTURE); // capture the tags as well as in between
1099	$stop = count($textarr);// loop stuff
1100	for ($i = 0; $i < $stop; $i++) {
1101	$content = $textarr[$i];
1102	if ((strlen($content) > 0) && ('<' != $content{0})) { // If it's not a tag
1103	$content = preg_replace($wp_smiliessearch, $wp_smiliesreplace, $content);
1104	}
1105	$output .= $content;
1106	}
1107	} else {
1108	// return default text.
1109	$output = $text;
1110	}
1111	return $output;
1112	}
1113
1114	/**
1115	* Checks to see if the text is a valid email address.
1116	*
1117	* @since 0.71
1118	*
1119	* @param string $user_email The email address to be checked.
1120	* @return bool Returns true if valid, otherwise false.
1121	*/
1122	function is_email($user_email) {
1123	$chars = "/^([a-z0-9+_]\|\\-\|\\.)+@(([a-z0-9_]\|\\-)+\\.)+[a-z]{2,6}\$/i";
1124	if (strpos($user_email, '@') !== false && strpos($user_email, '.') !== false) {
1125	if (preg_match($chars, $user_email)) {
1126	return true;
1127	} else {
1128	return false;
1129	}
1130	} else {
1131	return false;
1132	}
1133	}
1134
1135	/**
1136	* Convert to ASCII from email subjects.
1137	*
1138	* @since 1.2.0
1139	* @usedby wp_mail() handles charsets in email subjects
1140	*
1141	* @param string $string Subject line
1142	* @return string Converted string to ASCII
1143	*/
1144	function wp_iso_descrambler($string) {
1145	/* this may only work with iso-8859-1, I'm afraid */
1146	if (!preg_match('#\=\?(.+)\?Q\?(.+)\?\=#i', $string, $matches)) {
1147	return $string;
1148	} else {
1149	$subject = str_replace('_', ' ', $matches[2]);
1150	/** @todo use preg_replace_callback() */
1151	$subject = preg_replace('#\=([0-9a-f]{2})#ei', "chr(hexdec(strtolower('$1')))", $subject);
1152	return $subject;
1153	}
1154	}
1155
1156	/**
1157	* Returns a date in the GMT equivalent.
1158	*
1159	* Requires and returns a date in the Y-m-d H:i:s format. Simply subtracts the
1160	* value of gmt_offset.
1161	*
1162	* @since 1.2.0
1163	*
1164	* @param string $string The date to be converted.
1165	* @return string GMT version of the date provided.
1166	*/
1167	function get_gmt_from_date($string) {
1168	preg_match('#([0-9]{1,4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})#', $string, $matches);
1169	$string_time = gmmktime($matches[4], $matches[5], $matches[6], $matches[2], $matches[3], $matches[1]);
1170	$string_gmt = gmdate('Y-m-d H:i:s', $string_time - get_option('gmt_offset') * 3600);
1171	return $string_gmt;
1172	}
1173
1174	/**
1175	* Converts a GMT date into the correct format for the blog.
1176	*
1177	* Requires and returns in the Y-m-d H:i:s format. Simply adds the value of
1178	* gmt_offset.
1179	*
1180	* @since 1.2.0
1181	*
1182	* @param string $string The date to be converted.
1183	* @return string Formatted date relative to the GMT offset.
1184	*/
1185	function get_date_from_gmt($string) {
1186	preg_match('#([0-9]{1,4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})#', $string, $matches);
1187	$string_time = gmmktime($matches[4], $matches[5], $matches[6], $matches[2], $matches[3], $matches[1]);
1188	$string_localtime = gmdate('Y-m-d H:i:s', $string_time + get_option('gmt_offset')*3600);
1189	return $string_localtime;
1190	}
1191
1192	/**
1193	* Computes an offset in seconds from an iso8601 timezone.
1194	*
1195	* @since 1.5.0
1196	*
1197	* @param string $timezone Either 'Z' for 0 offset or '±hhmm'.
1198	* @return int\|float The offset in seconds.
1199	*/
1200	function iso8601_timezone_to_offset($timezone) {
1201	// $timezone is either 'Z' or '[+\|-]hhmm'
1202	if ($timezone == 'Z') {
1203	$offset = 0;
1204	} else {
1205	$sign = (substr($timezone, 0, 1) == '+') ? 1 : -1;
1206	$hours = intval(substr($timezone, 1, 2));
1207	$minutes = intval(substr($timezone, 3, 4)) / 60;
1208	$offset = $sign * 3600 * ($hours + $minutes);
1209	}
1210	return $offset;
1211	}
1212
1213	/**
1214	* Converts an iso8601 date to MySQL DateTime format used by post_date[_gmt].
1215	*
1216	* @since 1.5.0
1217	*
1218	* @param string $date_string Date and time in ISO 8601 format {@link http://en.wikipedia.org/wiki/ISO_8601}.
1219	* @param string $timezone Optional. If set to GMT returns the time minus gmt_offset. Default is 'user'.
1220	* @return string The date and time in MySQL DateTime format - Y-m-d H:i:s.
1221	*/
1222	function iso8601_to_datetime($date_string, $timezone = 'user') {
1223	$timezone = strtolower($timezone);
1224
1225	if ($timezone == 'gmt') {
1226
1227	preg_match('#([0-9]{4})([0-9]{2})([0-9]{2})T([0-9]{2}):([0-9]{2}):([0-9]{2})(Z\|[\+\|\-][0-9]{2,4}){0,1}#', $date_string, $date_bits);
1228
1229	if (!empty($date_bits[7])) { // we have a timezone, so let's compute an offset
1230	$offset = iso8601_timezone_to_offset($date_bits[7]);
1231	} else { // we don't have a timezone, so we assume user local timezone (not server's!)
1232	$offset = 3600 * get_option('gmt_offset');
1233	}
1234
1235	$timestamp = gmmktime($date_bits[4], $date_bits[5], $date_bits[6], $date_bits[2], $date_bits[3], $date_bits[1]);
1236	$timestamp -= $offset;
1237
1238	return gmdate('Y-m-d H:i:s', $timestamp);
1239
1240	} else if ($timezone == 'user') {
1241	return preg_replace('#([0-9]{4})([0-9]{2})([0-9]{2})T([0-9]{2}):([0-9]{2}):([0-9]{2})(Z\|[\+\|\-][0-9]{2,4}){0,1}#', '$1-$2-$3 $4:$5:$6', $date_string);
1242	}
1243	}
1244
1245	/**
1246	* Adds a element attributes to open links in new windows.
1247	*
1248	* Comment text in popup windows should be filtered through this. Right now it's
1249	* a moderately dumb function, ideally it would detect whether a target or rel
1250	* attribute was already there and adjust its actions accordingly.
1251	*
1252	* @since 0.71
1253	*
1254	* @param string $text Content to replace links to open in a new window.
1255	* @return string Content that has filtered links.
1256	*/
1257	function popuplinks($text) {
1258	$text = preg_replace('/<a (.+?)>/i', "<a $1 target='_blank' rel='external'>", $text);
1259	return $text;
1260	}
1261
1262	/**
1263	* Strips out all characters that are not allowable in an email.
1264	*
1265	* @since 1.5.0
1266	*
1267	* @param string $email Email address to filter.
1268	* @return string Filtered email address.
1269	*/
1270	function sanitize_email($email) {
1271	return preg_replace('/[^a-z0-9+_.@-]/i', '', $email);
1272	}
1273
1274	/**
1275	* Determines the difference between two timestamps.
1276	*
1277	* The difference is returned in a human readable format such as "1 hour",
1278	* "5 mins", "2 days".
1279	*
1280	* @since 1.5.0
1281	*
1282	* @param int $from Unix timestamp from which the difference begins.
1283	* @param int $to Optional. Unix timestamp to end the time difference. Default becomes time() if not set.
1284	* @return string Human readable time difference.
1285	*/
1286	function human_time_diff( $from, $to = '' ) {
1287	if ( empty($to) )
1288	$to = time();
1289	$diff = (int) abs($to - $from);
1290	if ($diff <= 3600) {
1291	$mins = round($diff / 60);
1292	if ($mins <= 1) {
1293	$mins = 1;
1294	}
1295	$since = sprintf(__ngettext('%s min', '%s mins', $mins), $mins);
1296	} else if (($diff <= 86400) && ($diff > 3600)) {
1297	$hours = round($diff / 3600);
1298	if ($hours <= 1) {
1299	$hours = 1;
1300	}
1301	$since = sprintf(__ngettext('%s hour', '%s hours', $hours), $hours);
1302	} elseif ($diff >= 86400) {
1303	$days = round($diff / 86400);
1304	if ($days <= 1) {
1305	$days = 1;
1306	}
1307	$since = sprintf(__ngettext('%s day', '%s days', $days), $days);
1308	}
1309	return $since;
1310	}
1311
1312	/**
1313	* Generates an excerpt from the content, if needed.
1314	*
1315	* The excerpt word amount will be 55 words and if the amount is greater than
1316	* that, then the string '[...]' will be appended to the excerpt. If the string
1317	* is less than 55 words, then the content will be returned as is.
1318	*
1319	* @since 1.5.0
1320	*
1321	* @param string $text The exerpt. If set to empty an excerpt is generated.
1322	* @return string The excerpt.
1323	*/
1324	function wp_trim_excerpt($text) {
1325	if ( '' == $text ) {
1326	$text = get_the_content('');
1327
1328	$text = strip_shortcodes( $text );
1329
1330	$text = apply_filters('the_content', $text);
1331	$text = str_replace(']]>', ']]>', $text);
1332	$text = strip_tags($text);
1333	$excerpt_length = apply_filters('excerpt_length', 55);
1334	$words = explode(' ', $text, $excerpt_length + 1);
1335	if (count($words) > $excerpt_length) {
1336	array_pop($words);
1337	array_push($words, '[...]');
1338	$text = implode(' ', $words);
1339	}
1340	}
1341	return $text;
1342	}
1343
1344	/**
1345	* Converts named entities into numbered entities.
1346	*
1347	* @since 1.5.1
1348	*
1349	* @param string $text The text within which entities will be converted.
1350	* @return string Text with converted entities.
1351	*/
1352	function ent2ncr($text) {
1353	$to_ncr = array(
1354	'"' => '"',
1355	'&' => '&',
1356	'&frasl;' => '/',
1357	'<' => '<',
1358	'>' => '>',
1359	'\|' => '\|',
1360	' ' => ' ',
1361	'¡' => '¡',
1362	'¢' => '¢',
1363	'£' => '£',
1364	'¤' => '¤',
1365	'¥' => '¥',
1366	'¦' => '¦',
1367	'&brkbar;' => '¦',
1368	'§' => '§',
1369	'¨' => '¨',
1370	'&die;' => '¨',
1371	'©' => '©',
1372	'ª' => 'ª',
1373	'«' => '«',
1374	'¬' => '¬',
1375	'' => '',
1376	'®' => '®',
1377	'¯' => '¯',
1378	'&hibar;' => '¯',
1379	'°' => '°',
1380	'±' => '±',
1381	'²' => '²',
1382	'³' => '³',
1383	'´' => '´',
1384	'µ' => 'µ',
1385	'¶' => '¶',
1386	'·' => '·',
1387	'¸' => '¸',
1388	'¹' => '¹',
1389	'º' => 'º',
1390	'»' => '»',
1391	'¼' => '¼',
1392	'½' => '½',
1393	'¾' => '¾',
1394	'¿' => '¿',
1395	'À' => 'À',
1396	'Á' => 'Á',
1397	'Â' => 'Â',
1398	'Ã' => 'Ã',
1399	'Ä' => 'Ä',
1400	'Å' => 'Å',
1401	'Æ' => 'Æ',
1402	'Ç' => 'Ç',
1403	'È' => 'È',
1404	'É' => 'É',
1405	'Ê' => 'Ê',
1406	'Ë' => 'Ë',
1407	'Ì' => 'Ì',
1408	'Í' => 'Í',
1409	'Î' => 'Î',
1410	'Ï' => 'Ï',
1411	'Ð' => 'Ð',
1412	'Ñ' => 'Ñ',
1413	'Ò' => 'Ò',
1414	'Ó' => 'Ó',
1415	'Ô' => 'Ô',
1416	'Õ' => 'Õ',
1417	'Ö' => 'Ö',
1418	'×' => '×',
1419	'Ø' => 'Ø',
1420	'Ù' => 'Ù',
1421	'Ú' => 'Ú',
1422	'Û' => 'Û',
1423	'Ü' => 'Ü',
1424	'Ý' => 'Ý',
1425	'Þ' => 'Þ',
1426	'ß' => 'ß',
1427	'à' => 'à',
1428	'á' => 'á',
1429	'â' => 'â',
1430	'ã' => 'ã',
1431	'ä' => 'ä',
1432	'å' => 'å',
1433	'æ' => 'æ',
1434	'ç' => 'ç',
1435	'è' => 'è',
1436	'é' => 'é',
1437	'ê' => 'ê',
1438	'ë' => 'ë',
1439	'ì' => 'ì',
1440	'í' => 'í',
1441	'î' => 'î',
1442	'ï' => 'ï',
1443	'ð' => 'ð',
1444	'ñ' => 'ñ',
1445	'ò' => 'ò',
1446	'ó' => 'ó',
1447	'ô' => 'ô',
1448	'õ' => 'õ',
1449	'ö' => 'ö',
1450	'÷' => '÷',
1451	'ø' => 'ø',
1452	'ù' => 'ù',
1453	'ú' => 'ú',
1454	'û' => 'û',
1455	'ü' => 'ü',
1456	'ý' => 'ý',
1457	'þ' => 'þ',
1458	'ÿ' => 'ÿ',
1459	'&OElig;' => 'Œ',
1460	'&oelig;' => 'œ',
1461	'&Scaron;' => 'Š',
1462	'&scaron;' => 'š',
1463	'&Yuml;' => 'Ÿ',
1464	'&fnof;' => 'ƒ',
1465	'&circ;' => 'ˆ',
1466	'&tilde;' => '˜',
1467	'Α' => 'Α',
1468	'Β' => 'Β',
1469	'Γ' => 'Γ',
1470	'Δ' => 'Δ',
1471	'Ε' => 'Ε',
1472	'Ζ' => 'Ζ',
1473	'Η' => 'Η',
1474	'Θ' => 'Θ',
1475	'Ι' => 'Ι',
1476	'Κ' => 'Κ',
1477	'Λ' => 'Λ',
1478	'Μ' => 'Μ',
1479	'Ν' => 'Ν',
1480	'Ξ' => 'Ξ',
1481	'Ο' => 'Ο',
1482	'Π' => 'Π',
1483	'Ρ' => 'Ρ',
1484	'Σ' => 'Σ',
1485	'Τ' => 'Τ',
1486	'Υ' => 'Υ',
1487	'Φ' => 'Φ',
1488	'Χ' => 'Χ',
1489	'Ψ' => 'Ψ',
1490	'Ω' => 'Ω',
1491	'α' => 'α',
1492	'β' => 'β',
1493	'γ' => 'γ',
1494	'δ' => 'δ',
1495	'ε' => 'ε',
1496	'ζ' => 'ζ',
1497	'η' => 'η',
1498	'θ' => 'θ',
1499	'ι' => 'ι',
1500	'κ' => 'κ',
1501	'λ' => 'λ',
1502	'μ' => 'μ',
1503	'ν' => 'ν',
1504	'ξ' => 'ξ',
1505	'ο' => 'ο',
1506	'π' => 'π',
1507	'ρ' => 'ρ',
1508	'&sigmaf;' => 'ς',
1509	'σ' => 'σ',
1510	'τ' => 'τ',
1511	'υ' => 'υ',
1512	'φ' => 'φ',
1513	'χ' => 'χ',
1514	'ψ' => 'ψ',
1515	'ω' => 'ω',
1516	'&thetasym;' => 'ϑ',
1517	'&upsih;' => 'ϒ',
1518	'ϖ' => 'ϖ',
1519	'&ensp;' => ' ',
1520	'&emsp;' => ' ',
1521	' ' => ' ',
1522	'&zwnj;' => '‌',
1523	'&zwj;' => '‍',
1524	'&lrm;' => '‎',
1525	'&rlm;' => '‏',
1526	'–' => '–',
1527	'—' => '—',
1528	'‘' => '‘',
1529	'’' => '’',
1530	'&sbquo;' => '‚',
1531	'“' => '“',
1532	'”' => '”',
1533	'&bdquo;' => '„',
1534	'&dagger;' => '†',
1535	'&Dagger;' => '‡',
1536	'•' => '•',
1537	'…' => '…',
1538	'&permil;' => '‰',
1539	'′' => '′',
1540	'″' => '″',
1541	'&lsaquo;' => '‹',
1542	'&rsaquo;' => '›',
1543	'&oline;' => '‾',
1544	'&frasl;' => '⁄',
1545	'€' => '€',
1546	'&image;' => 'ℑ',
1547	'&weierp;' => '℘',
1548	'&real;' => 'ℜ',
1549	'™' => '™',
1550	'&alefsym;' => 'ℵ',
1551	'&crarr;' => '↵',
1552	'⇐' => '⇐',
1553	'&uArr;' => '⇑',
1554	'⇒' => '⇒',
1555	'&dArr;' => '⇓',
1556	'⇔' => '⇔',
1557	'∀' => '∀',
1558	'∂' => '∂',
1559	'∃' => '∃',
1560	'∅' => '∅',
1561	'∇' => '∇',
1562	'∈' => '∈',
1563	'∉' => '∉',
1564	'&ni;' => '∋',
1565	'∏' => '∏',
1566	'∑' => '∑',
1567	'−' => '−',
1568	'&lowast;' => '∗',
1569	'√' => '√',
1570	'&prop;' => '∝',
1571	'∞' => '∞',
1572	'&ang;' => '∠',
1573	'&and;' => '∧',
1574	'&or;' => '∨',
1575	'∩' => '∩',
1576	'∪' => '∪',
1577	'∫' => '∫',
1578	'&there4;' => '∴',
1579	'&sim;' => '∼',
1580	'&cong;' => '≅',
1581	'≈' => '≈',
1582	'≠' => '≠',
1583	'&equiv;' => '≡',
1584	'≤' => '≤',
1585	'≥' => '≥',
1586	'⊂' => '⊂',
1587	'⊃' => '⊃',
1588	'&nsub;' => '⊄',
1589	'&sube;' => '⊆',
1590	'&supe;' => '⊇',
1591	'&oplus;' => '⊕',
1592	'&otimes;' => '⊗',
1593	'&perp;' => '⊥',
1594	'⋅' => '⋅',
1595	'&lceil;' => '⌈',
1596	'&rceil;' => '⌉',
1597	'&lfloor;' => '⌊',
1598	'&rfloor;' => '⌋',
1599	'&lang;' => '〈',
1600	'&rang;' => '〉',
1601	'←' => '←',
1602	'↑' => '↑',
1603	'→' => '→',
1604	'↓' => '↓',
1605	'↔' => '↔',
1606	'&loz;' => '◊',
1607	'&spades;' => '♠',
1608	'&clubs;' => '♣',
1609	'&hearts;' => '♥',
1610	'&diams;' => '♦'
1611	);
1612
1613	return str_replace( array_keys($to_ncr), array_values($to_ncr), $text );
1614	}
1615
1616	/**
1617	* Formats text for the rich text editor.
1618	*
1619	* The filter 'richedit_pre' is applied here. If $text is empty the filter will
1620	* be applied to an empty string.
1621	*
1622	* @since 2.0.0
1623	*
1624	* @param string $text The text to be formatted.
1625	* @return string The formatted text after filter is applied.
1626	*/
1627	function wp_richedit_pre($text) {
1628	// Filtering a blank results in an annoying <br />\n
1629	if ( empty($text) ) return apply_filters('richedit_pre', '');
1630
1631	$output = convert_chars($text);
1632	$output = wpautop($output);
1633	$output = htmlspecialchars($output, ENT_NOQUOTES);
1634
1635	return apply_filters('richedit_pre', $output);
1636	}
1637
1638	/**
1639	* Formats text for the HTML editor.
1640	*
1641	* Unless $output is empty it will pass through htmlspecialchars before the
1642	* 'htmledit_pre' filter is applied.
1643	*
1644	* @since 2.5.0
1645	*
1646	* @param string $output The text to be formatted.
1647	* @return string Formatted text after filter applied.
1648	*/
1649	function wp_htmledit_pre($output) {
1650	if ( !empty($output) )
1651	$output = htmlspecialchars($output, ENT_NOQUOTES); // convert only < > &
1652
1653	return apply_filters('htmledit_pre', $output);
1654	}
1655
1656	/**
1657	* Checks and cleans a URL.
1658	*
1659	* A number of characters are removed from the URL. If the URL is for displaying
1660	* (the default behaviour) amperstands are also replaced. The 'clean_url' filter
1661	* is applied to the returned cleaned URL.
1662	*
1663	* @since 1.2.0
1664	* @uses wp_kses_bad_protocol() To only permit protocols in the URL set
1665	* via $protocols or the common ones set in the function.
1666	*
1667	* @param string $url The URL to be cleaned.
1668	* @param array $protocols Optional. An array of acceptable protocols.
1669	* Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet' if not set.
1670	* @param string $context Optional. How the URL will be used. Default is 'display'.
1671	* @return string The cleaned $url after the 'cleaned_url' filter is applied.
1672	*/
1673	function clean_url( $url, $protocols = null, $context = 'display' ) {
1674	$original_url = $url;
1675
1676	if ('' == $url) return $url;
1677	$url = preg_replace('\|[^a-z0-9-~+_.?#=!&;,/:%@$*\'()\\x80-\\xff]\|i', '', $url);
1678	$strip = array('%0d', '%0a');
1679	$url = str_replace($strip, '', $url);
1680	$url = str_replace(';//', '://', $url);
1681	/* If the URL doesn't appear to contain a scheme, we
1682	* presume it needs http:// appended (unless a relative
1683	* link starting with / or a php file).
1684	*/
1685	if ( strpos($url, ':') === false &&
1686	substr( $url, 0, 1 ) != '/' && !preg_match('/^[a-z0-9-]+?\.php/i', $url) )
1687	$url = 'http://' . $url;
1688
1689	// Replace ampersands and single quotes only when displaying.
1690	if ( 'display' == $context ) {
1691	$url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
1692	$url = str_replace( "'", ''', $url );
1693	}
1694
1695	if ( !is_array($protocols) )
1696	$protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet');
1697	if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
1698	return '';
1699
1700	return apply_filters('clean_url', $url, $original_url, $context);
1701	}
1702
1703	/**
1704	* Performs clean_url() for database usage.
1705	*
1706	* @see clean_url()
1707	*
1708	* @since 2.3.1
1709	*
1710	* @param string $url The URL to be cleaned.
1711	* @param array $protocols An array of acceptable protocols.
1712	* @return string The cleaned URL.
1713	*/
1714	function sanitize_url( $url, $protocols = null ) {
1715	return clean_url( $url, $protocols, 'db' );
1716	}
1717
1718	/**
1719	* Convert entities, while preserving already-encoded entities.
1720	*
1721	* @link http://www.php.net/htmlentities Borrowed from the PHP Manual user notes.
1722	*
1723	* @since 1.2.2
1724	*
1725	* @param string $myHTML The text to be converted.
1726	* @return string Converted text.
1727	*/
1728	function htmlentities2($myHTML) {
1729	$translation_table = get_html_translation_table( HTML_ENTITIES, ENT_QUOTES );
1730	$translation_table[chr(38)] = '&';
1731	return preg_replace( "/&(?![A-Za-z]{0,4}\w{2,3};\|#[0-9]{2,3};)/", "&", strtr($myHTML, $translation_table) );
1732	}
1733
1734	/**
1735	* Escape single quotes, specialchar double quotes, and fix line endings.
1736	*
1737	* The filter 'js_escape' is also applied here.
1738	*
1739	* @since 2.0.4
1740	*
1741	* @param string $text The text to be escaped.
1742	* @return string Escaped text.
1743	*/
1744	function js_escape($text) {
1745	$safe_text = wp_specialchars($text, 'double');
1746	$safe_text = preg_replace('/&#(x)?0*(?(1)27\|39);?/i', "'", stripslashes($safe_text));
1747	$safe_text = preg_replace("/\r?\n/", "\\n", addslashes($safe_text));
1748	return apply_filters('js_escape', $safe_text, $text);
1749	}
1750
1751	/**
1752	* Escaping for HTML attributes.
1753	*
1754	* @since 2.0.6
1755	*
1756	* @param string $text
1757	* @return string
1758	*/
1759	function attribute_escape($text) {
1760	$safe_text = wp_specialchars($text, true);
1761	return apply_filters('attribute_escape', $safe_text, $text);
1762	}
1763
1764	/**
1765	* Escape a HTML tag name.
1766	*
1767	* @since 2.5.0
1768	*
1769	* @param string $tag_name
1770	* @return string
1771	*/
1772	function tag_escape($tag_name) {
1773	$safe_tag = strtolower( preg_replace('[^a-zA-Z_:]', '', $tag_name) );
1774	return apply_filters('tag_escape', $safe_tag, $tag_name);
1775	}
1776
1777	/**
1778	* Escapes text for SQL LIKE special characters % and _.
1779	*
1780	* @since 2.5.0
1781	*
1782	* @param string $text The text to be escaped.
1783	* @return string text, safe for inclusion in LIKE query.
1784	*/
1785	function like_escape($text) {
1786	return str_replace(array("%", "_"), array("\\%", "\\_"), $text);
1787	}
1788
1789	/**
1790	* Convert full URL paths to absolute paths.
1791	*
1792	* Removes the http or https protocols and the domain. Keeps the path '/' at the
1793	* beginning, so it isn't a true relative link, but from the web root base.
1794	*
1795	* @since 2.1.0
1796	*
1797	* @param string $link Full URL path.
1798	* @return string Absolute path.
1799	*/
1800	function wp_make_link_relative( $link ) {
1801	return preg_replace( '\|https?://[^/]+(/.*)\|i', '$1', $link );
1802	}
1803
1804	/**
1805	* Sanitises various option values based on the nature of the option.
1806	*
1807	* This is basically a switch statement which will pass $value through a number
1808	* of functions depending on the $option.
1809	*
1810	* @since 2.0.5
1811	*
1812	* @param string $option The name of the option.
1813	* @param string $value The unsanitised value.
1814	* @return string Sanitized value.
1815	*/
1816	function sanitize_option($option, $value) {
1817
1818	switch ($option) {
1819	case 'admin_email':
1820	$value = sanitize_email($value);
1821	break;
1822
1823	case 'thumbnail_size_w':
1824	case 'thumbnail_size_h':
1825	case 'medium_size_w':
1826	case 'medium_size_h':
1827	case 'large_size_w':
1828	case 'large_size_h':
1829	case 'default_post_edit_rows':
1830	case 'mailserver_port':
1831	case 'comment_max_links':
1832	case 'page_on_front':
1833	case 'rss_excerpt_length':
1834	case 'default_category':
1835	case 'default_email_category':
1836	case 'default_link_category':
1837	case 'close_comments_days_old':
1838	case 'comments_per_page':
1839	case 'thread_comments_depth':
1840	$value = abs((int) $value);
1841	break;
1842
1843	case 'posts_per_page':
1844	case 'posts_per_rss':
1845	$value = (int) $value;
1846	if ( empty($value) ) $value = 1;
1847	if ( $value < -1 ) $value = abs($value);
1848	break;
1849
1850	case 'default_ping_status':
1851	case 'default_comment_status':
1852	// Options that if not there have 0 value but need to be something like "closed"
1853	if ( $value == '0' \|\| $value == '')
1854	$value = 'closed';
1855	break;
1856
1857	case 'blogdescription':
1858	case 'blogname':
1859	$value = addslashes($value);
1860	$value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes
1861	$value = stripslashes($value);
1862	$value = wp_specialchars( $value );
1863	break;
1864
1865	case 'blog_charset':
1866	$value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); // strips slashes
1867	break;
1868
1869	case 'date_format':
1870	case 'time_format':
1871	case 'mailserver_url':
1872	case 'mailserver_login':
1873	case 'mailserver_pass':
1874	case 'ping_sites':
1875	case 'upload_path':
1876	$value = strip_tags($value);
1877	$value = addslashes($value);
1878	$value = wp_filter_kses($value); // calls stripslashes then addslashes
1879	$value = stripslashes($value);
1880	break;
1881
1882	case 'gmt_offset':
1883	$value = preg_replace('/[^0-9:.-]/', '', $value); // strips slashes
1884	break;
1885
1886	case 'siteurl':
1887	case 'home':
1888	$value = stripslashes($value);
1889	$value = clean_url($value);
1890	break;
1891	default :
1892	$value = apply_filters("sanitize_option_{$option}", $value, $option);
1893	break;
1894	}
1895
1896	return $value;
1897	}
1898
1899	/**
1900	* Parses a string into variables to be stored in an array.
1901	*
1902	* Uses {@link http://www.php.net/parse_str parse_str()} and stripslashes if
1903	* {@link http://www.php.net/magic_quotes magic_quotes_gpc} is on.
1904	*
1905	* @since 2.2.1
1906	* @uses apply_filters() for the 'wp_parse_str' filter.
1907	*
1908	* @param string $string The string to be parsed.
1909	* @param array $array Variables will be stored in this array.
1910	*/
1911	function wp_parse_str( $string, &$array ) {
1912	parse_str( $string, $array );
1913	if ( get_magic_quotes_gpc() )
1914	$array = stripslashes_deep( $array );
1915	$array = apply_filters( 'wp_parse_str', $array );
1916	}
1917
1918	/**
1919	* Convert lone less than signs.
1920	*
1921	* KSES already converts lone greater than signs.
1922	*
1923	* @uses wp_pre_kses_less_than_callback in the callback function.
1924	* @since 2.3.0
1925	*
1926	* @param string $text Text to be converted.
1927	* @return string Converted text.
1928	*/
1929	function wp_pre_kses_less_than( $text ) {
1930	return preg_replace_callback('%<[^>]*?((?=<)\|>\|$)%', 'wp_pre_kses_less_than_callback', $text);
1931	}
1932
1933	/**
1934	* Callback function used by preg_replace.
1935	*
1936	* @uses wp_specialchars to format the $matches text.
1937	* @since 2.3.0
1938	*
1939	* @param array $matches Populated by matches to preg_replace.
1940	* @return string The text returned after wp_specialchars if needed.
1941	*/
1942	function wp_pre_kses_less_than_callback( $matches ) {
1943	if ( false === strpos($matches[0], '>') )
1944	return wp_specialchars($matches[0]);
1945	return $matches[0];
1946	}
1947
1948	/**
1949	* WordPress implementation of PHP sprintf() with filters.
1950	*
1951	* @since 2.5.0
1952	* @link http://www.php.net/sprintf
1953	*
1954	* @param string $pattern The string which formatted args are inserted.
1955	* @param mixed $args,... Arguments to be formatted into the $pattern string.
1956	* @return string The formatted string.
1957	*/
1958	function wp_sprintf( $pattern ) {
1959	$args = func_get_args( );
1960	$len = strlen($pattern);
1961	$start = 0;
1962	$result = '';
1963	$arg_index = 0;
1964	while ( $len > $start ) {
1965	// Last character: append and break
1966	if ( strlen($pattern) - 1 == $start ) {
1967	$result .= substr($pattern, -1);
1968	break;
1969	}
1970
1971	// Literal %: append and continue
1972	if ( substr($pattern, $start, 2) == '%%' ) {
1973	$start += 2;
1974	$result .= '%';
1975	continue;
1976	}
1977
1978	// Get fragment before next %
1979	$end = strpos($pattern, '%', $start + 1);
1980	if ( false === $end )
1981	$end = $len;
1982	$fragment = substr($pattern, $start, $end - $start);
1983
1984	// Fragment has a specifier
1985	if ( $pattern{$start} == '%' ) {
1986	// Find numbered arguments or take the next one in order
1987	if ( preg_match('/^%(\d+)\$/', $fragment, $matches) ) {
1988	$arg = isset($args[$matches[1]]) ? $args[$matches[1]] : '';
1989	$fragment = str_replace("%{$matches[1]}$", '%', $fragment);
1990	} else {
1991	++$arg_index;
1992	$arg = isset($args[$arg_index]) ? $args[$arg_index] : '';
1993	}
1994
1995	// Apply filters OR sprintf
1996	$_fragment = apply_filters( 'wp_sprintf', $fragment, $arg );
1997	if ( $_fragment != $fragment )
1998	$fragment = $_fragment;
1999	else
2000	$fragment = sprintf($fragment, strval($arg) );
2001	}
2002
2003	// Append to result and move to next fragment
2004	$result .= $fragment;
2005	$start = $end;
2006	}
2007	return $result;
2008	}
2009
2010	/**
2011	* Localize list items before the rest of the content.
2012	*
2013	* The '%l' must be at the first characters can then contain the rest of the
2014	* content. The list items will have ', ', ', and', and ' and ' added depending
2015	* on the amount of list items in the $args parameter.
2016	*
2017	* @since 2.5.0
2018	*
2019	* @param string $pattern Content containing '%l' at the beginning.
2020	* @param array $args List items to prepend to the content and replace '%l'.
2021	* @return string Localized list items and rest of the content.
2022	*/
2023	function wp_sprintf_l($pattern, $args) {
2024	// Not a match
2025	if ( substr($pattern, 0, 2) != '%l' )
2026	return $pattern;
2027
2028	// Nothing to work with
2029	if ( empty($args) )
2030	return '';
2031
2032	// Translate and filter the delimiter set (avoid ampersands and entities here)
2033	$l = apply_filters('wp_sprintf_l', array(
2034	'between' => _c(', \|between list items'),
2035	'between_last_two' => _c(', and \|between last two list items'),
2036	'between_only_two' => _c(' and \|between only two list items'),
2037	));
2038
2039	$args = (array) $args;
2040	$result = array_shift($args);
2041	if ( count($args) == 1 )
2042	$result .= $l['between_only_two'] . array_shift($args);
2043	// Loop when more than two args
2044	$i = count($args);
2045	while ( $i ) {
2046	$arg = array_shift($args);
2047	$i--;
2048	if ( $i == 1 )
2049	$result .= $l['between_last_two'] . $arg;
2050	else
2051	$result .= $l['between'] . $arg;
2052	}
2053	return $result . substr($pattern, 2);
2054	}
2055
2056	/**
2057	* Safely extracts not more than the first $count characters from html string.
2058	*
2059	* UTF-8, tags and entities safe prefix extraction. Entities inside will NOT
2060	* be counted as one character. For example & will be counted as 4, < as
2061	* 3, etc.
2062	*
2063	* @since 2.5.0
2064	*
2065	* @param integer $str String to get the excerpt from.
2066	* @param integer $count Maximum number of characters to take.
2067	* @return string The excerpt.
2068	*/
2069	function wp_html_excerpt( $str, $count ) {
2070	$str = strip_tags( $str );
2071	$str = mb_strcut( $str, 0, $count );
2072	// remove part of an entity at the end
2073	$str = preg_replace( '/&[^;\s]{0,6}$/', '', $str );
2074	return $str;
2075	}
2076
2077	/**
2078	* Add a Base url to relative links in passed content.
2079	*
2080	* By default it supports the 'src' and 'href' attributes. However this can be
2081	* changed via the 3rd param.
2082	*
2083	* @since 2.7.0
2084	*
2085	* @param string $content String to search for links in.
2086	* @param string $base The base URL to prefix to links.
2087	* @param array $attrs The attributes which should be processed.
2088	* @return string The processed content.
2089	*/
2090	function links_add_base_url( $content, $base, $attrs = array('src', 'href') ) {
2091	$attrs = implode('\|', (array)$attrs);
2092	return preg_replace_callback("!($attrs)=(['\"])(.+?)\\2!i",
2093	create_function('$m', 'return _links_add_base($m, "' . $base . '");'),
2094	$content);
2095	}
2096
2097	/**
2098	* Callback to add a base url to relative links in passed content.
2099	*
2100	* @since 2.7.0
2101	* @access private
2102	*
2103	* @param string $m The matched link.
2104	* @param string $base The base URL to prefix to links.
2105	* @return string The processed link.
2106	*/
2107	function _links_add_base($m, $base) {
2108	//1 = attribute name 2 = quotation mark 3 = URL
2109	return $m[1] . '=' . $m[2] .
2110	(strpos($m[3], 'http://') === false ?
2111	path_join($base, $m[3]) :
2112	$m[3])
2113	. $m[2];
2114	}
2115
2116	/**
2117	* Adds a Target attribute to all links in passed content.
2118	*
2119	* This function by default only applies to <a> tags, however this can be
2120	* modified by the 3rd param.
2121	*
2122	* <b>NOTE:</b> Any current target attributed will be striped and replaced.
2123	*
2124	* @since 2.7.0
2125	*
2126	* @param string $content String to search for links in.
2127	* @param string $target The Target to add to the links.
2128	* @param array $tags An array of tags to apply to.
2129	* @return string The processed content.
2130	*/
2131	function links_add_target( $content, $target = '_blank', $tags = array('a') ) {
2132	$tags = implode('\|', (array)$tags);
2133	return preg_replace_callback("!<($tags)(.+?)>!i",
2134	create_function('$m', 'return _links_add_target($m, "' . $target . '");'),
2135	$content);
2136	}
2137	/**
2138	* Callback to add a target attribute to all links in passed content.
2139	*
2140	* @since 2.7.0
2141	* @access private
2142	*
2143	* @param string $m The matched link.
2144	* @param string $target The Target to add to the links.
2145	* @return string The processed link.
2146	*/
2147	function _links_add_target( $m, $target ) {
2148	$tag = $m[1];
2149	$link = preg_replace('\|(target=[\'"](.*?)[\'"])\|i', '', $m[2]);
2150	return '<' . $tag . $link . ' target="' . $target . '">';
2151	}
2152
2153	// normalize EOL characters and strip duplicate whitespace
2154	function normalize_whitespace( $str ) {
2155	$str = trim($str);
2156	$str = str_replace("\r", "\n", $str);
2157	$str = preg_replace( array( '/\n+/', '/[ \t]+/' ), array( "\n", ' ' ), $str );
2158	return $str;
2159	}
2160
2161	?>

Note: See TracBrowser for help on using the repository browser.

Trac UI Preferences

Download in other formats: