CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
wp_strip_all_tags example
private function send_recovery_mode_email( $rate_limit, $error, $extension ) {
$url = $this->link_service->generate_url();
$blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
$switched_locale = switch_to_locale( get_locale() );
if ( $extension ) {
$cause = $this->get_cause( $extension );
$details = wp_strip_all_tags( wp_get_extension_error_description( $error ) );
if ( $details ) {
$header = __( 'Error Details' );
$details = "\n\n" . $header . "\n" . str_pad( '', strlen( $header ), '=' ) . "\n" . $details;
}
} else {
$cause = '';
$details = '';
}
/** * Filters the support message sent with the the fatal error protection email. * * @since 5.2.0 * * @param string $message The Message to include in the email. */
do_action( 'wp_check_comment_disallowed_list', $author, $email, $url, $comment, $user_ip, $user_agent );
$mod_keys = trim( get_option( 'disallowed_keys' ) );
if ( '' === $mod_keys ) {
return false; // If moderation keys are empty. }
// Ensure HTML tags are not being used to bypass the list of disallowed characters and words. $comment_without_html = wp_strip_all_tags( $comment );
$words = explode( "\n", $mod_keys );
foreach ( (array) $words as $word ) {
$word = trim( $word );
// Skip empty lines. if ( empty( $word ) ) {
continue; }
// Do some escaping magic so that '#' chars in the spam words don't break things:
$menu_item->type = ! isset( $menu_item->type ) ? get_post_meta( $menu_item->ID, '_menu_item_type', true ) : $menu_item->type;
if ( 'post_type' === $menu_item->type ) {
$object = get_post_type_object( $menu_item->object );
if ( $object ) {
$menu_item->type_label = $object->labels->singular_name;
// Denote post states for special pages (only in the admin). if ( function_exists( 'get_post_states' ) ) {
$menu_post = get_post( $menu_item->object_id );
$post_states = get_post_states( $menu_post );
if ( $post_states ) {
$menu_item->type_label = wp_strip_all_tags( implode( ', ', $post_states ) );
}
}
} else {
$menu_item->type_label = $menu_item->object;
$menu_item->_invalid = true;
}
if ( 'trash' === get_post_status( $menu_item->object_id ) ) {
$menu_item->_invalid = true;
}
if ( 'post_type' === $menu_item->type ) {
$object = get_post_type_object( $menu_item->object );
if ( $object ) {
$menu_item->type_label = $object->labels->singular_name;
// Denote post states for special pages (only in the admin). if ( function_exists( 'get_post_states' ) ) {
$menu_post = get_post( $menu_item->object_id );
$post_states = get_post_states( $menu_post );
if ( $post_states ) {
$menu_item->type_label = wp_strip_all_tags( implode( ', ', $post_states ) );
}
}
} else {
$menu_item->type_label = $menu_item->object;
$menu_item->_invalid = true;
}
if ( 'trash' === get_post_status( $menu_item->object_id ) ) {
$menu_item->_invalid = true;
}
}
if ( (int) $page['page_id'] === $front_page_id ) {
$css_class .= ' menu-item-home';
}
$title = wp_kses_post( $page['title'] );
$aria_label = sprintf(
/* translators: Accessibility text. %s: Parent page title. */
__( '%s submenu' ),
wp_strip_all_tags( $title )
);
$markup .= '<li class="wp-block-pages-list__item' . esc_attr( $css_class ) . '"' . $style_attribute . '>';
if ( isset( $page['children'] ) && $is_navigation_child && $open_submenus_on_click ) {
$markup .= '<button aria-label="' . esc_attr( $aria_label ) . '" class="' . esc_attr( $navigation_child_content_class ) . ' wp-block-navigation-submenu__toggle" aria-expanded="false">' . esc_html( $title ) .
'</button><span class="wp-block-page-list__submenu-icon wp-block-navigation__submenu-icon"><svg xmlns="http://www.w3.org/2000/svg" width="12" height="12" viewBox="0 0 12 12" fill="none" aria-hidden="true" focusable="false"><path d="M1.50002 4L6.00002 8L10.5 4" stroke-width="1.5"></path></svg></span>';
} else {
$markup .= '<a class="wp-block-pages-list__item__link' . esc_attr( $navigation_child_content_class ) . '" href="' . esc_url( $page['link'] ) . '"' . $aria_current . '>' . $title . '</a>';
}
// Include the button element class.
$button_classes[] = wp_theme_get_element_class_name( 'button' );
$button = new WP_HTML_Tag_Processor( sprintf( '<button type="submit" %s>%s</button>', $inline_styles['button'], $button_internal_markup ) );
if ( $button->next_tag() ) {
$button->add_class( implode( ' ', $button_classes ) );
if ( 'expand-searchfield' === $attributes['buttonBehavior'] && 'button-only' === $attributes['buttonPosition'] ) {
$button->set_attribute( 'aria-label', __( 'Expand search field' ) );
$button->set_attribute( 'aria-controls', 'wp-block-search__input-' . $input_id );
$button->set_attribute( 'aria-expanded', 'false' );
} else {
$button->set_attribute( 'aria-label', wp_strip_all_tags( $attributes['buttonText'] ) );
}
}
}
$field_markup_classes = $is_button_inside ? $border_color_classes : '';
$field_markup = sprintf(
'<div class="wp-block-search__inside-wrapper %s" %s>%s</div>',
esc_attr( $field_markup_classes ),
$inline_styles['wrapper'],
$input . $query_params_markup . $button
);
$button = new WP_HTML_Tag_Processor( sprintf( '<button type="submit" %s>%s</button>', $inline_styles['button'], $button_internal_markup ) );
if ( $button->next_tag() ) {
$button->add_class( implode( ' ', $button_classes ) );
if ( 'expand-searchfield' === $attributes['buttonBehavior'] && 'button-only' === $attributes['buttonPosition'] ) {
$button->set_attribute( 'aria-label', __( 'Expand search field' ) );
$button->set_attribute( 'aria-controls', 'wp-block-search__input-' . $input_id );
$button->set_attribute( 'aria-expanded', 'false' );
} else {
$button->set_attribute( 'aria-label', wp_strip_all_tags( $attributes['buttonText'] ) );
}
}
}
$field_markup_classes = $is_button_inside ? $border_color_classes : '';
$field_markup = sprintf(
'<div class="wp-block-search__inside-wrapper %s" %s>%s</div>',
esc_attr( $field_markup_classes ),
$inline_styles['wrapper'],
$input . $query_params_markup . $button
);
if ( empty( $title ) ) {
continue;
}
/* * The Comments column uses HTML in the display name with some screen * reader text. Make sure to strip tags from the Comments column * title and any other custom column title plugins might add. */
$title = wp_strip_all_tags( $title );
$id = "$column-hide";
echo '<label>';
echo '<input class="hide-column-tog" name="' . $id . '" type="checkbox" id="' . $id . '" value="' . $column . '"' . checked( ! in_array( $column, $hidden, true ), true, false ) . ' />';
echo "$title</label>\n";
}
?> </fieldset> <?php }
$css = sprintf( '%s { %s: %s; }', $selector, $style, $prefix . $value . $suffix );
if ( $display ) {
/* * Note to reviewers: $css contains auto-generated CSS. * It is included inside <style> tags and can only be interpreted as CSS on the browser. * Using wp_strip_all_tags() here is sufficient escaping to avoid * malicious attempts to close </style> and open a <script>. */
echo wp_strip_all_tags( $css ); // phpcs:ignore WordPress.Security.EscapeOutput }
return $css;
}
$is_same_theme = $is_same_theme && ( $old_value === $new_value );
$diff_field = ( 'Version' !== $field && $new_value !== $old_value );
$diff_version = ( 'Version' === $field && $this->is_downgrading );
$invalid_parent = false;
if ( 'Template' === $field && $is_invalid_parent ) {
$invalid_parent = true;
$new_value .= ' ' . __( '(not found)' );
}
$table .= '<tr><td class="name-label">' . $label . '</td><td>' . wp_strip_all_tags( $old_value ) . '</td>';
$table .= ( $diff_field || $diff_version || $invalid_parent ) ? '<td class="warning">' : '<td>';
$table .= wp_strip_all_tags( $new_value ) . '</td></tr>';
}
$table .= '</tbody></table>';
/** * Filters the compare table output for overwriting a theme package on upload. * * @since 5.5.0 * * @param string $table The output table with Name, Version, Author, RequiresWP, and RequiresPHP info. * @param WP_Theme $current_theme_data Active theme data. * @param array $new_theme_data Array with uploaded theme data. */
$diff_field = ( 'Version' !== $field && $new_value !== $old_value );
$diff_version = ( 'Version' === $field && $this->is_downgrading );
$invalid_parent = false;
if ( 'Template' === $field && $is_invalid_parent ) {
$invalid_parent = true;
$new_value .= ' ' . __( '(not found)' );
}
$table .= '<tr><td class="name-label">' . $label . '</td><td>' . wp_strip_all_tags( $old_value ) . '</td>';
$table .= ( $diff_field || $diff_version || $invalid_parent ) ? '<td class="warning">' : '<td>';
$table .= wp_strip_all_tags( $new_value ) . '</td></tr>';
}
$table .= '</tbody></table>';
/** * Filters the compare table output for overwriting a theme package on upload. * * @since 5.5.0 * * @param string $table The output table with Name, Version, Author, RequiresWP, and RequiresPHP info. * @param WP_Theme $current_theme_data Active theme data. * @param array $new_theme_data Array with uploaded theme data. */
$is_primary = $primary === $column_name;
$classes = "{$column_name} column-{$column_name}";
if ( $is_primary ) {
$classes .= ' has-row-actions column-primary';
}
if ( in_array( $column_name, $hidden, true ) ) {
$classes .= ' hidden';
}
printf( '<td class="%s" data-colname="%s">', esc_attr( $classes ), esc_attr( wp_strip_all_tags( $display_name ) ) );
switch ( $column_name ) {
case 'name':
echo '{{ data.name }}';
break;
case 'created':
// JSON encoding automatically doubles backslashes to ensure they don't get lost when printing the inline JS. echo '<# print( wp.date.dateI18n( ' . wp_json_encode( __( 'F j, Y' ) ) . ', data.created ) ) #>';
break;
case 'last_used':
echo '<# print( data.last_used !== null ? wp.date.dateI18n( ' . wp_json_encode( __( 'F j, Y' ) ) . ", data.last_used ) : '—' ) #>";
$classes = "{$column_name} column-{$column_name}";
if ( $is_primary ) {
$classes .= ' has-row-actions column-primary';
}
if ( in_array( $column_name, $hidden, true ) ) {
$classes .= ' hidden';
}
printf( '<td class="%s" data-colname="%s">', esc_attr( $classes ), esc_attr( wp_strip_all_tags( $display_name ) ) );
switch ( $column_name ) {
case 'name':
echo '{{ data.name }}';
break;
case 'created':
// JSON encoding automatically doubles backslashes to ensure they don't get lost when printing the inline JS. echo '<# print( wp.date.dateI18n( ' . wp_json_encode( __( 'F j, Y' ) ) . ', data.created ) ) #>';
break;
case 'last_used':
echo '<# print( data.last_used !== null ? wp.date.dateI18n( ' . wp_json_encode( __( 'F j, Y' ) ) . ", data.last_used ) : '—' ) #>";
$is_same_plugin = true; // Let's consider only these rows.
foreach ( $rows as $field => $label ) {
$old_value = ! empty( $current_plugin_data[ $field ] ) ? (string) $current_plugin_data[ $field ] : '-';
$new_value = ! empty( $new_plugin_data[ $field ] ) ? (string) $new_plugin_data[ $field ] : '-';
$is_same_plugin = $is_same_plugin && ( $old_value === $new_value );
$diff_field = ( 'Version' !== $field && $new_value !== $old_value );
$diff_version = ( 'Version' === $field && $this->is_downgrading );
$table .= '<tr><td class="name-label">' . $label . '</td><td>' . wp_strip_all_tags( $old_value ) . '</td>';
$table .= ( $diff_field || $diff_version ) ? '<td class="warning">' : '<td>';
$table .= wp_strip_all_tags( $new_value ) . '</td></tr>';
}
$table .= '</tbody></table>';
/** * Filters the compare table output for overwriting a plugin package on upload. * * @since 5.5.0 * * @param string $table The output table with Name, Version, Author, RequiresWP, and RequiresPHP info. * @param array $current_plugin_data Array with current plugin data. * @param array $new_plugin_data Array with uploaded plugin data. */
foreach ( $rows as $field => $label ) {
$old_value = ! empty( $current_plugin_data[ $field ] ) ? (string) $current_plugin_data[ $field ] : '-';
$new_value = ! empty( $new_plugin_data[ $field ] ) ? (string) $new_plugin_data[ $field ] : '-';
$is_same_plugin = $is_same_plugin && ( $old_value === $new_value );
$diff_field = ( 'Version' !== $field && $new_value !== $old_value );
$diff_version = ( 'Version' === $field && $this->is_downgrading );
$table .= '<tr><td class="name-label">' . $label . '</td><td>' . wp_strip_all_tags( $old_value ) . '</td>';
$table .= ( $diff_field || $diff_version ) ? '<td class="warning">' : '<td>';
$table .= wp_strip_all_tags( $new_value ) . '</td></tr>';
}
$table .= '</tbody></table>';
/** * Filters the compare table output for overwriting a plugin package on upload. * * @since 5.5.0 * * @param string $table The output table with Name, Version, Author, RequiresWP, and RequiresPHP info. * @param array $current_plugin_data Array with current plugin data. * @param array $new_plugin_data Array with uploaded plugin data. */
function sanitize_user( $username, $strict = false ) {
$raw_username = $username;
$username = wp_strip_all_tags( $username );
$username = remove_accents( $username );
// Remove percent-encoded characters. $username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );
// Remove HTML entities. $username = preg_replace( '/&.+?;/', '', $username );
// If strict, reduce to ASCII for max portability. if ( $strict ) {
$username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );
}
private function prepare_metadata_for_output( $metadata ) {
$metadata = html_entity_decode( $metadata, ENT_QUOTES, get_bloginfo( 'charset' ) );
$metadata = wp_strip_all_tags( $metadata );
return $metadata;
}
/** * Utility function to build cache key for a given URL. * * @since 5.9.0 * * @param string $url The URL for which to build a cache key. * @return string The cache key. */
$label = '';
if ( isset( $attributes['label'] ) ) {
$label .= wp_kses_post( $attributes['label'] );
}
$aria_label = sprintf(
/* translators: Accessibility text. %s: Parent page title. */
__( '%s submenu' ),
wp_strip_all_tags( $label )
);
$html = '<li ' . $wrapper_attributes . '>';
// If Submenus open on hover, we render an anchor tag with attributes. // If submenu icons are set to show, we also render a submenu button, so the submenu can be opened on click. if ( ! $open_on_click ) {
$item_url = isset( $attributes['url'] ) ? $attributes['url'] : '';
// Start appending HTML attributes to anchor tag. $html .= '<a class="wp-block-navigation-item__content"';
protected static function filter_declaration( $property, $value, $spacer = '' ) {
$filtered_value = wp_strip_all_tags( $value, true );
if ( '' !== $filtered_value ) {
return safecss_filter_attr( "{$property}:{$spacer}{$filtered_value}" );
}
return '';
}
/** * Filters and compiles the CSS declarations. * * @since 6.1.0 * * @param bool $should_prettify Optional. Whether to add spacing, new lines and indents. * Default false. * @param int $indent_count Optional. The number of tab indents to apply to the rule. * Applies if `prettify` is `true`. Default 0. * @return string The CSS declarations. */
$post = apply_filters( 'attachment_fields_to_save', $post, $attachment );
if ( isset( $attachment['image_alt'] ) ) {
$image_alt = wp_unslash( $attachment['image_alt'] );
if ( get_post_meta( $attachment_id, '_wp_attachment_image_alt', true ) !== $image_alt ) {
$image_alt = wp_strip_all_tags( $image_alt, true );
// update_post_meta() expects slashed. update_post_meta( $attachment_id, '_wp_attachment_image_alt', wp_slash( $image_alt ) );
}
}
if ( isset( $post['errors'] ) ) {
$errors[ $attachment_id ] = $post['errors'];
unset( $post['errors'] );
}