Changes from branches/3.0/wp-includes/formatting.php at r17172 to trunk/wp-includes/formatting.php at r17459

File:

• trunk/wp-includes/formatting.php (modified) (34 diffs)

trunk/wp-includes/formatting.php

@@ -57 +57 @@
         $static_replacements = array_merge(array('—', ' — ', '–', ' – ', 'xn--', '…', $opening_quote, $closing_quote, ' ™'), $cockneyreplace);
 
-        $dynamic_characters = array('/\'(\d\d(?:&#8217;|\')?s)/', '/\'(\d+)/', '/(\s|\A|[([{<]|")\'/', '/(\d+)"/', '/(\d+)\'/', '/(\S)\'([^\'\s])/', '/(\s|\A|[([{<])"(?!\s)/', '/"(\s|\S|\Z)/', '/\'([\s.]|\Z)/', '/\b(\d+)x(\d+)\b/');
+        $dynamic_characters = array('/\'(\d\d(?:&#8217;|\')?s)/', '/\'(\d)/', '/(\s|\A|[([{<]|")\'/', '/(\d)"/', '/(\d)\'/', '/(\S)\'([^\'\s])/', '/(\s|\A|[([{<])"(?!\s)/', '/"(\s|\S|\Z)/', '/\'([\s.]|\Z)/', '/\b(\d+)x(\d+)\b/');
         $dynamic_replacements = array('&#8217;$1','&#8217;$1', '$1&#8216;', '$1&#8243;', '$1&#8242;', '$1&#8217;$2', '$1' . $opening_quote . '$2', $closing_quote . '$1', '&#8217;$1', '$1&#215;$2');
 
@@ -74 +74 @@
         $curl = $textarr[$i];
 
-        if ( !empty($curl) && '<' != $curl{0} && '[' != $curl{0}
+        if ( !empty($curl) && '<' != $curl[0] && '[' != $curl[0]
                 && empty($no_texturize_shortcodes_stack) && empty($no_texturize_tags_stack)) {
             // This is not a tag, nor is the texturization disabled
@@ -86 +86 @@
              * tag opening
              */
-            if ('<' == $curl{0})
+            if ('<' == $curl[0])
                 _wptexturize_pushpop_element($curl, $no_texturize_tags_stack, $no_texturize_tags, '<', '>');
-            elseif ('[' == $curl{0})
+            elseif ('[' == $curl[0])
                 _wptexturize_pushpop_element($curl, $no_texturize_shortcodes_stack, $no_texturize_shortcodes, '[', ']');
         }
@@ -209 +209 @@
     $pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee);
     if ($br) {
-        $pee = preg_replace_callback('/<(script|style).*?<\/\\1>/s', create_function('$matches', 'return str_replace("\n", "<WPPreserveNewline />", $matches[0]);'), $pee);
+        $pee = preg_replace_callback('/<(script|style).*?<\/\\1>/s', '_autop_newline_preservation_helper', $pee);
         $pee = preg_replace('|(?<!<br />)\s*\n|', "<br />\n", $pee); // optionally make line breaks
         $pee = str_replace('<WPPreserveNewline />', "\n", $pee);
@@ -220 +220 @@
 
     return $pee;
+}
+
+/**
+ * Newline preservation help function for wpautop
+ *
+ * @since 3.1.0
+ * @access private
+ * @param array $matches preg_replace_callback matches array
+ * @returns string
+ */
+function _autop_newline_preservation_helper( $matches ) {
+    return str_replace("\n", "<WPPreserveNewline />", $matches[0]);
 }
 
@@ -539 +551 @@
         chr(195).chr(130) => 'A', chr(195).chr(131) => 'A',
         chr(195).chr(132) => 'A', chr(195).chr(133) => 'A',
-        chr(195).chr(135) => 'C', chr(195).chr(136) => 'E',
-        chr(195).chr(137) => 'E', chr(195).chr(138) => 'E',
-        chr(195).chr(139) => 'E', chr(195).chr(140) => 'I',
-        chr(195).chr(141) => 'I', chr(195).chr(142) => 'I',
-        chr(195).chr(143) => 'I', chr(195).chr(145) => 'N',
+        chr(195).chr(134) => 'AE',chr(195).chr(135) => 'C',
+        chr(195).chr(136) => 'E', chr(195).chr(137) => 'E',
+        chr(195).chr(138) => 'E', chr(195).chr(139) => 'E',
+        chr(195).chr(140) => 'I', chr(195).chr(141) => 'I',
+        chr(195).chr(142) => 'I', chr(195).chr(143) => 'I',
+        chr(195).chr(144) => 'D', chr(195).chr(145) => 'N',
         chr(195).chr(146) => 'O', chr(195).chr(147) => 'O',
         chr(195).chr(148) => 'O', chr(195).chr(149) => 'O',
@@ -549 +562 @@
         chr(195).chr(154) => 'U', chr(195).chr(155) => 'U',
         chr(195).chr(156) => 'U', chr(195).chr(157) => 'Y',
-        chr(195).chr(159) => 's', chr(195).chr(160) => 'a',
-        chr(195).chr(161) => 'a', chr(195).chr(162) => 'a',
-        chr(195).chr(163) => 'a', chr(195).chr(164) => 'a',
-        chr(195).chr(165) => 'a', chr(195).chr(167) => 'c',
+        chr(195).chr(158) => 'TH',chr(195).chr(159) => 's',
+        chr(195).chr(160) => 'a', chr(195).chr(161) => 'a',
+        chr(195).chr(162) => 'a', chr(195).chr(163) => 'a',
+        chr(195).chr(164) => 'a', chr(195).chr(165) => 'a',
+        chr(195).chr(166) => 'ae',chr(195).chr(167) => 'c',
         chr(195).chr(168) => 'e', chr(195).chr(169) => 'e',
         chr(195).chr(170) => 'e', chr(195).chr(171) => 'e',
         chr(195).chr(172) => 'i', chr(195).chr(173) => 'i',
         chr(195).chr(174) => 'i', chr(195).chr(175) => 'i',
-        chr(195).chr(177) => 'n', chr(195).chr(178) => 'o',
-        chr(195).chr(179) => 'o', chr(195).chr(180) => 'o',
-        chr(195).chr(181) => 'o', chr(195).chr(182) => 'o',
-        chr(195).chr(182) => 'o', chr(195).chr(185) => 'u',
-        chr(195).chr(186) => 'u', chr(195).chr(187) => 'u',
-        chr(195).chr(188) => 'u', chr(195).chr(189) => 'y',
+        chr(195).chr(176) => 'd', chr(195).chr(177) => 'n',
+        chr(195).chr(178) => 'o', chr(195).chr(179) => 'o',
+        chr(195).chr(180) => 'o', chr(195).chr(181) => 'o',
+        chr(195).chr(182) => 'o', chr(195).chr(182) => 'o',
+        chr(195).chr(185) => 'u', chr(195).chr(186) => 'u',
+        chr(195).chr(187) => 'u', chr(195).chr(188) => 'u',
+        chr(195).chr(189) => 'y', chr(195).chr(190) => 'th',
         chr(195).chr(191) => 'y',
         // Decompositions for Latin Extended-A
@@ -629 +644 @@
         chr(197).chr(188) => 'z', chr(197).chr(189) => 'Z',
         chr(197).chr(190) => 'z', chr(197).chr(191) => 's',
+        // Decompositions for Latin Extended-B
+        chr(200).chr(152) => 'S', chr(200).chr(153) => 's',
+        chr(200).chr(154) => 'T', chr(200).chr(155) => 't',
         // Euro Sign
         chr(226).chr(130).chr(172) => 'E',
@@ -719 +737 @@
  * Sanitize username stripping out unsafe characters.
  *
- * If $strict is true, only alphanumeric characters (as well as _, space, ., -,
- * @) are returned.
- * Removes tags, octets, entities, and if strict is enabled, will remove all
- * non-ASCII characters. After sanitizing, it passes the username, raw username
- * (the username in the parameter), and the strict parameter as parameters for
- * the filter.
+ * Removes tags, octets, entities, and if strict is enabled, will only keep
+ * alphanumeric, _, space, ., -, @. After sanitizing, it passes the username,
+ * raw username (the username in the parameter), and the value of $strict as
+ * parameters for the 'sanitize_user' filter.
  *
  * @since 2.0.0
@@ -746 +762 @@
         $username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );
 
+    $username = trim( $username );
     // Consolidate contiguous whitespace
     $username = preg_replace( '|\s+|', ' ', $username );
@@ -755 +772 @@
  * Sanitize a string key.
  *
- * Keys are used as internal identifiers. They should be lowercase ASCII.  Dashes and underscores are allowed.
+ * Keys are used as internal identifiers. Lowercase alphanumeric characters, dashes and underscores are allowed.
  *
  * @since 3.0.0
@@ -764 +781 @@
 function sanitize_key( $key ) {
     $raw_key = $key;
-    $key = wp_strip_all_tags($key);
-    // Kill octets
-    $key = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '', $key);
-    $key = preg_replace('/&.+?;/', '', $key); // Kill entities
-
-    $key = preg_replace('|[^a-z0-9 _.\-@]|i', '', $key);
-
-    // Consolidate contiguous whitespace
-    $key = preg_replace('|\s+|', ' ', $key);
-
-    return apply_filters('sanitize_key', $key, $raw_key);
+    $key = strtolower( $key );
+    $key = preg_replace( '/[^a-z0-9_\-]/', '', $key );
+    return apply_filters( 'sanitize_key', $key, $raw_key );
 }
 
@@ -788 +797 @@
  * @param string $title The string to be sanitized.
  * @param string $fallback_title Optional. A title to use if $title is empty.
+ * @param string $context Optional. The operation for which the string is sanitized
  * @return string The sanitized string.
  */
-function sanitize_title($title, $fallback_title = '') {
+function sanitize_title($title, $fallback_title = '', $context = 'save') {
     $raw_title = $title;
-    $title = strip_tags($title);
-    $title = apply_filters('sanitize_title', $title, $raw_title);
+
+    if ( 'save' == $context )
+        $title = remove_accents($title);
+
+    $title = apply_filters('sanitize_title', $title, $raw_title, $context);
 
     if ( '' === $title || false === $title )
@@ -799 +812 @@
 
     return $title;
+}
+
+function sanitize_title_for_query($title) {
+    return sanitize_title($title, '', 'query');
 }
 
@@ -821 +838 @@
     $title = preg_replace('|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title);
 
-    $title = remove_accents($title);
     if (seems_utf8($title)) {
         if (function_exists('mb_strtolower')) {
@@ -981 +997 @@
  *
  * @author Leonard Lin <leonard@acm.org>
- * @license GPL v2.0
+ * @license GPL
  * @copyright November 4, 2001
  * @version 1.1
@@ -1099 +1115 @@
  *
  * Unless $richedit is set, it is simply a holder for the 'format_to_edit'
- * filter. If $richedit is set true htmlspecialchars() will be run on the
- * content, converting special characters to HTMl entities.
+ * filter. If $richedit is set true htmlspecialchars(), through esc_textarea(),
+ * will be run on the content, converting special characters to HTML entities.
  *
  * @since 0.71
@@ -1108 +1124 @@
  * @return string The text after the filter (and possibly htmlspecialchars()) has been run.
  */
-function format_to_edit($content, $richedit = false) {
-    $content = apply_filters('format_to_edit', $content);
-    if (! $richedit )
-        $content = htmlspecialchars($content);
+function format_to_edit( $content, $richedit = false ) {
+    $content = apply_filters( 'format_to_edit', $content );
+    if ( ! $richedit )
+        $content = esc_textarea( $content );
     return $content;
 }
@@ -1297 +1313 @@
 function _make_url_clickable_cb($matches) {
     $url = $matches[2];
+    $suffix = '';
+
+    /** Include parentheses in the URL only if paired **/
+    while ( substr_count( $url, '(' ) < substr_count( $url, ')' ) ) {
+        $suffix = strrchr( $url, ')' ) . $suffix;
+        $url = substr( $url, 0, strrpos( $url, ')' ) );
+    }
 
     $url = esc_url($url);
@@ -1302 +1325 @@
         return $matches[0];
 
-    return $matches[1] . "<a href=\"$url\" rel=\"nofollow\">$url</a>";
+    return $matches[1] . "<a href=\"$url\" rel=\"nofollow\">$url</a>" . $suffix;
 }
 
@@ -1364 +1387 @@
     $ret = ' ' . $ret;
     // in testing, using arrays here was found to be faster
-    $ret = preg_replace_callback('#(?<=[\s>])(\()?([\w]+?://(?:[\w\\x80-\\xff\#$%&~/=?@\[\](+-]|[.,;:](?![\s<]|(\))?([\s]|$))|(?(1)\)(?![\s<.,;:]|$)|\)))+)#is', '_make_url_clickable_cb', $ret);
+    $ret = preg_replace_callback('#(?<!=[\'"])(?<=[*\')+.,;:!&$\s>])(\()?([\w]+?://(?:[\w\\x80-\\xff\#%~/?@\[\]-]|[\'*(+.,;:!=&$](?![\b\)]|(\))?([\s]|$))|(?(1)\)(?![\s<.,;:]|$)|\)))+)#is', '_make_url_clickable_cb', $ret);
     $ret = preg_replace_callback('#([\s>])((www|ftp)\.[\w\\x80-\\xff\#$%&~/.\-;:=,?@\[\]+]+)#is', '_make_web_ftp_clickable_cb', $ret);
     $ret = preg_replace_callback('#([\s>])([.0-9a-z_+-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,})#i', '_make_email_clickable_cb', $ret);
@@ -1425 +1448 @@
     }
 
-    $siteurl = get_option( 'siteurl' );
-
     $smiley = trim(reset($smiley));
     $img = $wpsmiliestrans[$smiley];
     $smiley_masked = esc_attr($smiley);
 
-    $srcurl = apply_filters('smilies_src', "$siteurl/wp-includes/images/smilies/$img", $img, $siteurl);
+    $srcurl = apply_filters('smilies_src', includes_url("images/smilies/$img"), $img, site_url());
 
     return " <img src='$srcurl' alt='$smiley_masked' class='wp-smiley' /> ";
@@ -1457 +1478 @@
         for ($i = 0; $i < $stop; $i++) {
             $content = $textarr[$i];
-            if ((strlen($content) > 0) && ('<' != $content{0})) { // If it's not a tag
+            if ((strlen($content) > 0) && ('<' != $content[0])) { // If it's not a tag
                 $content = preg_replace_callback($wp_smiliessearch, 'translate_smiley', $content);
             }
@@ -1477 +1498 @@
  *
  * @param string $email Email address to verify.
- * @param boolean $deprecated. Deprecated.
+ * @param boolean $deprecated Deprecated.
  * @return string|bool Either false or the valid email address.
  */
@@ -1554 +1575 @@
     } else {
         $subject = str_replace('_', ' ', $matches[2]);
-        $subject = preg_replace_callback('#\=([0-9a-f]{2})#i', create_function('$match', 'return chr(hexdec(strtolower($match[1])));'), $subject);
+        $subject = preg_replace_callback('#\=([0-9a-f]{2})#i', '_wp_iso_convert', $subject);
         return $subject;
     }
+}
+
+/**
+ * Helper function to convert hex encoded chars to ascii
+ *
+ * @since 3.1.0
+ * @access private
+ * @param array $match the preg_replace_callback matches array
+ */
+function _wp_iso_convert( $match ) {
+    return chr( hexdec( strtolower( $match[1] ) ) );
 }
 
@@ -1744 +1776 @@
 
         // Test for invalid characters
-        $sub = preg_replace( '/^[^a-z0-9-]+$/i', '', $sub );
+        $sub = preg_replace( '/[^a-z0-9-]+/i', '', $sub );
 
         // If there's anything left, add it to the valid subs
@@ -2330 +2362 @@
 
 /**
+ * Escaping for textarea values.
+ *
+ * @since 3.1
+ *
+ * @param string $text
+ * @return string
+ */
+function esc_textarea( $text ) {
+    $safe_text = htmlspecialchars( $text, ENT_QUOTES );
+    return apply_filters( 'esc_textarea', $safe_text, $text );
+}
+
+/**
  * Escape a HTML tag name.
  *
@@ -2581 +2626 @@
 
         // Fragment has a specifier
-        if ( $pattern{$start} == '%' ) {
+        if ( $pattern[$start] == '%' ) {
             // Find numbered arguments or take the next one in order
             if ( preg_match('/^%(\d+)\$/', $fragment, $matches) ) {
@@ -2690 +2735 @@
  */
 function links_add_base_url( $content, $base, $attrs = array('src', 'href') ) {
+    global $_links_add_base;
+    $_links_add_base = $base;
     $attrs = implode('|', (array)$attrs);
-    return preg_replace_callback("!($attrs)=(['\"])(.+?)\\2!i",
-            create_function('$m', 'return _links_add_base($m, "' . $base . '");'),
-            $content);
+    return preg_replace_callback( "!($attrs)=(['\"])(.+?)\\2!i", '_links_add_base', $content );
 }
 
@@ -2703 +2748 @@
  *
  * @param string $m The matched link.
- * @param string $base The base URL to prefix to links.
  * @return string The processed link.
  */
-function _links_add_base($m, $base) {
+function _links_add_base($m) {
+    global $_links_add_base;
     //1 = attribute name  2 = quotation mark  3 = URL
     return $m[1] . '=' . $m[2] .
         (strpos($m[3], 'http://') === false ?
-            path_join($base, $m[3]) :
+            path_join($_links_add_base, $m[3]) :
             $m[3])
         . $m[2];
@@ -2731 +2776 @@
  */
 function links_add_target( $content, $target = '_blank', $tags = array('a') ) {
+    global $_links_add_target;
+    $_links_add_target = $target;
     $tags = implode('|', (array)$tags);
-    return preg_replace_callback("!<($tags)(.+?)>!i",
-            create_function('$m', 'return _links_add_target($m, "' . $target . '");'),
-            $content);
+    return preg_replace_callback( "!<($tags)(.+?)>!i", '_links_add_target', $content );
 }
 
@@ -2744 +2789 @@
  *
  * @param string $m The matched link.
- * @param string $target The Target to add to the links.
  * @return string The processed link.
  */
-function _links_add_target( $m, $target ) {
+function _links_add_target( $m ) {
+    global $_links_add_target;
     $tag = $m[1];
     $link = preg_replace('|(target=[\'"](.*?)[\'"])|i', '', $m[2]);
-    return '<' . $tag . $link . ' target="' . $target . '">';
+    return '<' . $tag . $link . ' target="' . esc_attr( $_links_add_target ) . '">';
 }
 
@@ -2821 +2866 @@
 
 /**
+ * i18n friendly version of basename()
+ *
+ * @since 3.1.0
+ *
+ * @param string $path A path.
+ * @param string $suffix If the filename ends in suffix this will also be cut off.
+ * @return string
+ */
+function wp_basename( $path, $suffix = '' ) {
+    return urldecode( basename( str_replace( '%2F', '/', urlencode( $path ) ), $suffix ) );
+}
+
+/**
  * Forever eliminate "Wordpress" from the planet (or at least the little bit we can influence).
  *
@@ -2827 +2885 @@
  * @since 3.0.0
  */
-
 function capital_P_dangit( $text ) {
     // Simple replacement for titles