CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
wp_slash example
$attachment = $this->prepare_item_for_database( $request );
$attachment->post_mime_type = $type;
$attachment->guid = $url;
if ( empty( $attachment->post_title ) ) {
$attachment->post_title = preg_replace( '/\.[^.]+$/', '', wp_basename( $file ) );
}
// $post_parent is inherited from $attachment['post_parent']. $id = wp_insert_attachment( wp_slash( (array) $attachment ), $file, 0, true, false );
if ( is_wp_error( $id ) ) {
if ( 'db_update_error' === $id->get_error_code() ) {
$id->add_data( array( 'status' => 500 ) );
} else {
$id->add_data( array( 'status' => 400 ) );
}
return $id;
}
$attachment->post_mime_type = $type;
$attachment->guid = $url;
if ( empty( $attachment->post_title ) ) {
$attachment->post_title = preg_replace( '/\.[^.]+$/', '', wp_basename( $file ) );
}
// $post_parent is inherited from $attachment['post_parent']. $id = wp_insert_attachment( wp_slash( (array) $attachment ), $file, 0, true, false );
if ( is_wp_error( $id ) ) {
if ( 'db_update_error' === $id->get_error_code() ) {
$id->add_data( array( 'status' => 500 ) );
} else {
$id->add_data( array( 'status' => 400 ) );
}
return $id;
}
if ( ! empty( $request['id'] ) ) {
return new WP_Error( 'rest_post_exists', __( 'Cannot create existing post.' ), array( 'status' => 400 ) );
}
$prepared_nav_item = $this->prepare_item_for_database( $request );
if ( is_wp_error( $prepared_nav_item ) ) {
return $prepared_nav_item;
}
$prepared_nav_item = (array) $prepared_nav_item;
$nav_menu_item_id = wp_update_nav_menu_item( $prepared_nav_item['menu-id'], $prepared_nav_item['menu-item-db-id'], wp_slash( $prepared_nav_item ), false );
if ( is_wp_error( $nav_menu_item_id ) ) {
if ( 'db_insert_error' === $nav_menu_item_id->get_error_code() ) {
$nav_menu_item_id->add_data( array( 'status' => 500 ) );
} else {
$nav_menu_item_id->add_data( array( 'status' => 400 ) );
}
return $nav_menu_item_id;
}
$nav_menu_item = $this->get_nav_menu_item( $nav_menu_item_id );
return new WP_Error( 'rest_post_exists', __( 'Cannot create existing post.' ), array( 'status' => 400 ) );
}
$prepared_nav_item = $this->prepare_item_for_database( $request );
if ( is_wp_error( $prepared_nav_item ) ) {
return $prepared_nav_item;
}
$prepared_nav_item = (array) $prepared_nav_item;
$nav_menu_item_id = wp_update_nav_menu_item( $prepared_nav_item['menu-id'], $prepared_nav_item['menu-item-db-id'], wp_slash( $prepared_nav_item ), false );
if ( is_wp_error( $nav_menu_item_id ) ) {
if ( 'db_insert_error' === $nav_menu_item_id->get_error_code() ) {
$nav_menu_item_id->add_data( array( 'status' => 500 ) );
} else {
$nav_menu_item_id->add_data( array( 'status' => 400 ) );
}
return $nav_menu_item_id;
}
$nav_menu_item = $this->get_nav_menu_item( $nav_menu_item_id );
if (
JSON_ERROR_NONE === $json_decoding_error &&
is_array( $decoded_data ) &&
isset( $decoded_data['isGlobalStylesUserThemeJSON'] ) &&
$decoded_data['isGlobalStylesUserThemeJSON']
) {
unset( $decoded_data['isGlobalStylesUserThemeJSON'] );
$data_to_encode = WP_Theme_JSON::remove_insecure_properties( $decoded_data );
$data_to_encode['isGlobalStylesUserThemeJSON'] = true;
return wp_slash( wp_json_encode( $data_to_encode ) );
}
return $data;
}
/** * Sanitizes content for allowed HTML tags for post content. * * Post content refers to the page contents of the 'post' type and not `$_POST` * data from forms. * * This function expects unslashed data. * * @since 2.9.0 * * @param string $data Post content to filter. * @return string Filtered post content with allowed HTML tags and attributes intact. */
JSON_ERROR_NONE === $json_decoding_error &&
is_array( $decoded_data ) &&
isset( $decoded_data['isGlobalStylesUserThemeJSON'] ) &&
$decoded_data['isGlobalStylesUserThemeJSON']
) {
unset( $decoded_data['isGlobalStylesUserThemeJSON'] );
$data_to_encode = WP_Theme_JSON::remove_insecure_properties( $decoded_data );
$data_to_encode['isGlobalStylesUserThemeJSON'] = true;
return wp_slash( wp_json_encode( $data_to_encode ) );
}
return $data;
}
/** * Sanitizes content for allowed HTML tags for post content. * * Post content refers to the page contents of the 'post' type and not `$_POST` * data from forms. * * This function expects unslashed data. * * @since 2.9.0 * * @param string $data Post content to filter. * @return string Filtered post content with allowed HTML tags and attributes intact. */
if ( is_wp_error( $term ) ) {
return $term;
}
if ( ! $term ) {
return new WP_Error( 'invalid_term', __( 'Empty Term.' ) );
}
$term = (array) $term->data;
// Escape data pulled from DB. $term = wp_slash( $term );
// Merge old and new args with new args overwriting old ones. $args = array_merge( $term, $args );
$defaults = array(
'alias_of' => '',
'description' => '',
'parent' => 0,
'slug' => '',
);
$args = wp_parse_args( $args, $defaults );
return $term;
}
if ( ! $term ) {
return new WP_Error( 'invalid_term', __( 'Empty Term.' ) );
}
$term = (array) $term->data;
// Escape data pulled from DB. $term = wp_slash( $term );
// Merge old and new args with new args overwriting old ones. $args = array_merge( $term, $args );
$defaults = array(
'alias_of' => '',
'description' => '',
'parent' => 0,
'slug' => '',
);
$args = wp_parse_args( $args, $defaults );
$cat_id = (int) $catarr['cat_ID'];
if ( isset( $catarr['category_parent'] ) && ( $cat_id === (int) $catarr['category_parent'] ) ) {
return false;
}
// First, get all of the original fields. $category = get_term( $cat_id, 'category', ARRAY_A );
_make_cat_compat( $category );
// Escape data pulled from DB. $category = wp_slash( $category );
// Merge old and new fields with new fields overwriting old ones. $catarr = array_merge( $category, $catarr );
return wp_insert_category( $catarr );
}
// // Tags. //
if ( isset( $catarr['category_parent'] ) && ( $cat_id === (int) $catarr['category_parent'] ) ) {
return false;
}
// First, get all of the original fields. $category = get_term( $cat_id, 'category', ARRAY_A );
_make_cat_compat( $category );
// Escape data pulled from DB. $category = wp_slash( $category );
// Merge old and new fields with new fields overwriting old ones. $catarr = array_merge( $category, $catarr );
return wp_insert_category( $catarr );
}
// // Tags. //
/**
* Escapes string or array of strings for database.
*
* @since 1.5.2
*
* @param string|array $data Escape single string or array of strings.
* @return string|void Returns with string is passed, alters by-reference
* when array is passed.
*/
public function escape( &$data ) {
if ( ! is_array( $data ) ) {
return wp_slash( $data );
}
foreach ( $data as &$v ) {
if ( is_array( $v ) ) {
$this->escape( $v );
} elseif ( ! is_object( $v ) ) {
$v = wp_slash( $v );
}
}
}
public function escape( &$data ) {
if ( ! is_array( $data ) ) {
return wp_slash( $data );
}
foreach ( $data as &$v ) {
if ( is_array( $v ) ) {
$this->escape( $v );
} elseif ( ! is_object( $v ) ) {
$v = wp_slash( $v );
}
}
}
if ( is_wp_error( $user ) ) {
return $user;
}
$prepared = $this->prepare_item_for_database( $request );
if ( is_wp_error( $prepared ) ) {
return $prepared;
}
$created = WP_Application_Passwords::create_new_application_password( $user->ID, wp_slash( (array) $prepared ) );
if ( is_wp_error( $created ) ) {
return $created;
}
$password = $created[0];
$item = WP_Application_Passwords::get_user_application_password( $user->ID, $created[1]['uuid'] );
$item['new_password'] = WP_Application_Passwords::chunk_password( $password );
$fields_update = $this->update_additional_fields_for_object( $item, $request );
return $user;
}
$prepared = $this->prepare_item_for_database( $request );
if ( is_wp_error( $prepared ) ) {
return $prepared;
}
$created = WP_Application_Passwords::create_new_application_password( $user->ID, wp_slash( (array) $prepared ) );
if ( is_wp_error( $created ) ) {
return $created;
}
$password = $created[0];
$item = WP_Application_Passwords::get_user_application_password( $user->ID, $created[1]['uuid'] );
$item['new_password'] = WP_Application_Passwords::chunk_password( $password );
$fields_update = $this->update_additional_fields_for_object( $item, $request );
if ( empty( $post->post_status ) ) {
wp_die( 1 );
} elseif ( in_array( $post->post_status, array( 'draft', 'pending', 'trash' ), true ) ) {
wp_die( __( 'You cannot reply to a comment on a draft post.' ) );
}
$user = wp_get_current_user();
if ( $user->exists() ) {
$comment_author = wp_slash( $user->display_name );
$comment_author_email = wp_slash( $user->user_email );
$comment_author_url = wp_slash( $user->user_url );
$user_id = $user->ID;
if ( current_user_can( 'unfiltered_html' ) ) {
if ( ! isset( $_POST['_wp_unfiltered_html_comment'] ) ) {
$_POST['_wp_unfiltered_html_comment'] = '';
}
if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
kses_remove_filters(); // Start with a clean slate.
function edit_user( $user_id = 0 ) {
$wp_roles = wp_roles();
$user = new stdClass();
$user_id = (int) $user_id;
if ( $user_id ) {
$update = true;
$user->ID = $user_id;
$userdata = get_userdata( $user_id );
$user->user_login = wp_slash( $userdata->user_login );
} else {
$update = false;
}
if ( ! $update && isset( $_POST['user_login'] ) ) {
$user->user_login = sanitize_user( wp_unslash( $_POST['user_login'] ), true );
}
$pass1 = '';
$pass2 = '';
if ( isset( $_POST['pass1'] ) ) {
if ( ! is_array( $value ) ) {
$value = explode( ' ', $value );
}
$menu_item_value[ $key ] = implode( ' ', array_map( 'sanitize_html_class', $value ) );
}
$menu_item_value['original_title'] = sanitize_text_field( $menu_item_value['original_title'] );
// Apply the same filters as when calling wp_insert_post().
/** This filter is documented in wp-includes/post.php */
$menu_item_value['title'] = wp_unslash( apply_filters( 'title_save_pre', wp_slash( $menu_item_value['title'] ) ) );
/** This filter is documented in wp-includes/post.php */
$menu_item_value['attr_title'] = wp_unslash( apply_filters( 'excerpt_save_pre', wp_slash( $menu_item_value['attr_title'] ) ) );
/** This filter is documented in wp-includes/post.php */
$menu_item_value['description'] = wp_unslash( apply_filters( 'content_save_pre', wp_slash( $menu_item_value['description'] ) ) );
if ( '' !== $menu_item_value['url'] ) {
$menu_item_value['url'] = sanitize_url( $menu_item_value['url'] );
if ( '' === $menu_item_value['url'] ) {
return new WP_Error( 'invalid_url', __( 'Invalid URL.' ) ); // Fail sanitization if URL is invalid.
$value = explode( ' ', $value );
}
$menu_item_value[ $key ] = implode( ' ', array_map( 'sanitize_html_class', $value ) );
}
$menu_item_value['original_title'] = sanitize_text_field( $menu_item_value['original_title'] );
// Apply the same filters as when calling wp_insert_post().
/** This filter is documented in wp-includes/post.php */
$menu_item_value['title'] = wp_unslash( apply_filters( 'title_save_pre', wp_slash( $menu_item_value['title'] ) ) );
/** This filter is documented in wp-includes/post.php */
$menu_item_value['attr_title'] = wp_unslash( apply_filters( 'excerpt_save_pre', wp_slash( $menu_item_value['attr_title'] ) ) );
/** This filter is documented in wp-includes/post.php */
$menu_item_value['description'] = wp_unslash( apply_filters( 'content_save_pre', wp_slash( $menu_item_value['description'] ) ) );
if ( '' !== $menu_item_value['url'] ) {
$menu_item_value['url'] = sanitize_url( $menu_item_value['url'] );
if ( '' === $menu_item_value['url'] ) {
return new WP_Error( 'invalid_url', __( 'Invalid URL.' ) ); // Fail sanitization if URL is invalid.
add_filter( 'wp_insert_post_data', array( $this, 'preserve_insert_changeset_post_content' ), 5, 3 );
if ( $changeset_post_id ) {
if ( $args['autosave'] && 'auto-draft' !== get_post_status( $changeset_post_id ) ) {
// See _wp_translate_postdata() for why this is required as it will use the edit_post meta capability. add_filter( 'map_meta_cap', array( $this, 'grant_edit_post_capability_for_changeset' ), 10, 4 );
$post_array['post_ID'] = $post_array['ID'];
$post_array['post_type'] = 'customize_changeset';
$r = wp_create_post_autosave( wp_slash( $post_array ) );
remove_filter( 'map_meta_cap', array( $this, 'grant_edit_post_capability_for_changeset' ), 10 );
} else {
$post_array['edit_date'] = true; // Prevent date clearing.
$r = wp_update_post( wp_slash( $post_array ), true );
// Delete autosave revision for user when the changeset is updated. if ( ! empty( $args['user_id'] ) ) {
$autosave_draft = wp_get_post_autosave( $changeset_post_id, $args['user_id'] );
if ( $autosave_draft ) {
if ( empty( $postarr['post_name'] ) ) {
$postarr['post_name'] = sanitize_title( $postarr['post_title'] );
}
if ( ! isset( $postarr['meta_input'] ) ) {
$postarr['meta_input'] = array();
}
$postarr['meta_input']['_customize_draft_post_name'] = $postarr['post_name'];
$postarr['meta_input']['_customize_changeset_uuid'] = $this->manager->changeset_uuid();
unset( $postarr['post_name'] );
add_filter( 'wp_insert_post_empty_content', '__return_false', 1000 );
$r = wp_insert_post( wp_slash( $postarr ), true );
remove_filter( 'wp_insert_post_empty_content', '__return_false', 1000 );
if ( is_wp_error( $r ) ) {
return $r;
} else {
return get_post( $r );
}
}
/** * Ajax handler for adding a new auto-draft post. * * @since 4.7.0 */
$postarr['post_name'] = sanitize_title( $postarr['post_title'] );
}
if ( ! isset( $postarr['meta_input'] ) ) {
$postarr['meta_input'] = array();
}
$postarr['meta_input']['_customize_draft_post_name'] = $postarr['post_name'];
$postarr['meta_input']['_customize_changeset_uuid'] = $this->manager->changeset_uuid();
unset( $postarr['post_name'] );
add_filter( 'wp_insert_post_empty_content', '__return_false', 1000 );
$r = wp_insert_post( wp_slash( $postarr ), true );
remove_filter( 'wp_insert_post_empty_content', '__return_false', 1000 );
if ( is_wp_error( $r ) ) {
return $r;
} else {
return get_post( $r );
}
}
/** * Ajax handler for adding a new auto-draft post. * * @since 4.7.0 */
require_once ABSPATH . 'wp-admin/includes/post.php';
}
$post_lock = wp_check_post_lock( $post->ID );
$is_draft = 'draft' === $post->post_status || 'auto-draft' === $post->post_status;
if ( $is_draft && (int) $post->post_author === $user_id && ! $post_lock ) {
/* * Draft posts for the same author: autosaving updates the post and does not create a revision. * Convert the post object to an array and add slashes, wp_update_post() expects escaped array. */
$autosave_id = wp_update_post( wp_slash( (array) $prepared_post ), true );
} else {
// Non-draft posts: create or update the post autosave. $autosave_id = $this->create_post_autosave( (array) $prepared_post );
}
if ( is_wp_error( $autosave_id ) ) {
return $autosave_id;
}
$autosave = get_post( $autosave_id );
$request->set_param( 'context', 'edit' );
}
$post_lock = wp_check_post_lock( $post->ID );
$is_draft = 'draft' === $post->post_status || 'auto-draft' === $post->post_status;
if ( $is_draft && (int) $post->post_author === $user_id && ! $post_lock ) {
/* * Draft posts for the same author: autosaving updates the post and does not create a revision. * Convert the post object to an array and add slashes, wp_update_post() expects escaped array. */
$autosave_id = wp_update_post( wp_slash( (array) $prepared_post ), true );
} else {
// Non-draft posts: create or update the post autosave. $autosave_id = $this->create_post_autosave( (array) $prepared_post );
}
if ( is_wp_error( $autosave_id ) ) {
return $autosave_id;
}
$autosave = get_post( $autosave_id );
$request->set_param( 'context', 'edit' );
function wp_update_post( $postarr = array(), $wp_error = false, $fire_after_hooks = true ) {
if ( is_object( $postarr ) ) {
// Non-escaped post was passed. $postarr = get_object_vars( $postarr );
$postarr = wp_slash( $postarr );
}
// First, get all of the original fields. $post = get_post( $postarr['ID'], ARRAY_A );
if ( is_null( $post ) ) {
if ( $wp_error ) {
return new WP_Error( 'invalid_post', __( 'Invalid post ID.' ) );
}
return 0;
}
$array_bits = array( $matches[1] );
if ( isset( $matches[3] ) ) {
$array_bits = array_merge( $array_bits, explode( '][', $matches[3] ) );
}
$new_post_data = array();
// Build the new array value from leaf to trunk. for ( $i = count( $array_bits ) - 1; $i >= 0; $i-- ) {
if ( count( $array_bits ) - 1 === $i ) {
$new_post_data[ $array_bits[ $i ] ] = wp_slash( $post_input_data->value );
} else {
$new_post_data = array( $array_bits[ $i ] => $new_post_data );
}
}
$_POST = array_replace_recursive( $_POST, $new_post_data );
}
}
}
if ( isset( $matches[3] ) ) {
$array_bits = array_merge( $array_bits, explode( '][', $matches[3] ) );
}
$new_post_data = array();
// Build the new array value from leaf to trunk. for ( $i = count( $array_bits ) - 1; $i >= 0; $i-- ) {
if ( count( $array_bits ) - 1 === $i ) {
$new_post_data[ $array_bits[ $i ] ] = wp_slash( $post_input_data->value );
} else {
$new_post_data = array( $array_bits[ $i ] => $new_post_data );
}
}
$_POST = array_replace_recursive( $_POST, $new_post_data );
}
}
}