Changeset 11929 for trunk/wp-includes/formatting.php
- Timestamp:
- 09/14/2009 01:57:48 PM (15 years ago)
- File:
-
- 1 edited
trunk/wp-includes/formatting.php
r11907 r11929 629 629 function sanitize_user( $username, $strict = false ) { 630 630 $raw_username = $username; 631 $username = strip_tags($username);631 $username = wp_strip_all_tags($username); 632 632 // Kill octets 633 633 $username = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '', $username); … … 2246 2246 $safe_text = _wp_specialchars( $safe_text, ENT_QUOTES ); 2247 2247 return apply_filters( 'esc_html', $safe_text, $text ); 2248 return $text;2249 2248 } 2250 2249 … … 2602 2601 */ 2603 2602 function wp_html_excerpt( $str, $count ) { 2604 $str = strip_tags( $str);2603 $str = wp_strip_all_tags( $str, true ); 2605 2604 $str = mb_substr( $str, 0, $count ); 2606 2605 // remove part of an entity at the end … … 2669 2668 $content); 2670 2669 } 2670 2671 2671 /** 2672 2672 * Callback to add a target attribute to all links in passed content. … … 2693 2693 } 2694 2694 2695 /** 2696 * Properly strip all HTML tags including script and style 2697 * 2698 * @since 2.9.0 2699 * 2700 * @param string $string String containing HTML tags 2701 * @param bool $remove_breaks optional Whether to remove left over line breaks and white space chars 2702 * @return string The processed string. 2703 */ 2704 function wp_strip_all_tags($string, $remove_breaks = false) { 2705 $string = preg_replace( '@<(script|style)[^>]*?>.*?</\\1>@si', '', $string ); 2706 $string = strip_tags($string); 2707 2708 if ( $remove_breaks ) 2709 $string = preg_replace('/\s+/', ' ', $string); 2710 2711 return trim($string); 2712 } 2713 2714 /** 2715 * Sanitize a string from user input or from the db 2716 * 2717 * check for invalid UTF-8, 2718 * Convert single < characters to entity, 2719 * strip all tags, 2720 * remove line breaks, tabs and extra whitre space, 2721 * strip octets. 
2722 * 2723 * @since 2.9 2724 * 2725 * @param string $str 2726 * @return string 2727 */ 2728 function sanitize_text_field($str) { 2729 $filtered = wp_check_invalid_utf8( $str ); 2730 2731 if ( strpos($filtered, '<') !== false ) { 2732 $filtered = wp_pre_kses_less_than( $filtered ); 2733 $filtered = wp_strip_all_tags( $filtered, true ); 2734 } else { 2735 $filtered = trim( preg_replace('/\s+/', ' ', $filtered) ); 2736 } 2737 2738 $match = array(); 2739 while ( preg_match('/%[a-f0-9]{2}/i', $filtered, $match) ) 2740 $filtered = str_replace($match[0], '', $filtered); 2741 2742 return apply_filters('sanitize_text_field', $filtered, $str); 2743 } 2744 2695 2745 ?>
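Review bot: In `sanitize_text_field()` the whitespace clean-up runs before the octet-stripping loop, so removing an octet can leave the very whitespace the docblock promises to remove: `a %41 b` comes back with two spaces, and `%41 name` with a leading space. Callers that compare or store the result as a normalised value would then see inconsistent strings. Re-normalise after the loop, e.g. `$filtered = trim( preg_replace('/\s+/', ' ', $filtered) );` placed just before the `apply_filters()` call. The docblocks of both new functions should also say that they strip markup but do not escape: quotes and ampersands pass through, so output still needs `esc_html()` / `esc_attr()` for its context.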