Changeset 718
- Timestamp:
- Apr 25, 2011, 10:11:10 AM (13 years ago)
- Location:
- trunk/xpressme_integration_kit/wp-content/plugins/xpressme/include
- Files:
-
- 2 edited
-
functions_for_wp_old.php (modified) (1 diff)
-
xpress_upgrade.php (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/xpressme_integration_kit/wp-content/plugins/xpressme/include/functions_for_wp_old.php
r454 r718 344 344 } 345 345 endif; // Under WP2.7 346 347 // Under WP2.8 348 if (version_compare($xoops_config->wp_version,'2.8', '<')) : 349 function _wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) { 350 $string = (string) $string; 351 352 if ( 0 === strlen( $string ) ) { 353 return ''; 354 } 355 356 // Don't bother if there are no specialchars - saves some processing 357 if ( !preg_match( '/[&<>"\']/', $string ) ) { 358 return $string; 359 } 360 361 // Account for the previous behaviour of the function when the $quote_style is not an accepted value 362 if ( empty( $quote_style ) ) { 363 $quote_style = ENT_NOQUOTES; 364 } elseif ( !in_array( $quote_style, array( 0, 2, 3, 'single', 'double' ), true ) ) { 365 $quote_style = ENT_QUOTES; 366 } 367 368 // Store the site charset as a static to avoid multiple calls to wp_load_alloptions() 369 if ( !$charset ) { 370 static $_charset; 371 if ( !isset( $_charset ) ) { 372 $alloptions = wp_load_alloptions(); 373 $_charset = isset( $alloptions['blog_charset'] ) ? $alloptions['blog_charset'] : ''; 374 } 375 $charset = $_charset; 376 } 377 if ( in_array( $charset, array( 'utf8', 'utf-8', 'UTF8' ) ) ) { 378 $charset = 'UTF-8'; 379 } 380 381 $_quote_style = $quote_style; 382 383 if ( $quote_style === 'double' ) { 384 $quote_style = ENT_COMPAT; 385 $_quote_style = ENT_COMPAT; 386 } elseif ( $quote_style === 'single' ) { 387 $quote_style = ENT_NOQUOTES; 388 } 389 390 // Handle double encoding ourselves 391 if ( !$double_encode ) { 392 $string = wp_specialchars_decode( $string, $_quote_style ); 393 394 /* Critical */ 395 // The previous line decodes &phrase; into &phrase; We must guarantee that &phrase; is valid before proceeding. 396 $string = wp_kses_normalize_entities($string); 397 398 // Now proceed with custom double-encoding silliness 399 $string = preg_replace( '/&(#?x?[0-9a-z]+);/i', '|wp_entity|$1|/wp_entity|', $string ); 400 } 401 402 $string = @htmlspecialchars( $string, $quote_style, $charset ); 403 404 // Handle double encoding ourselves 405 if ( !$double_encode ) { 406 $string = str_replace( array( '|wp_entity|', '|/wp_entity|' ), array( '&', ';' ), $string ); 407 } 408 409 // Backwards compatibility 410 if ( 'single' === $_quote_style ) { 411 $string = str_replace( "'", ''', $string ); 412 } 413 414 return $string; 415 } 416 417 /** 418 * Checks for invalid UTF8 in a string. 419 * 420 * @since 2.8 421 * 422 * @param string $string The text which is to be checked. 423 * @param boolean $strip Optional. Whether to attempt to strip out invalid UTF8. Default is false. 424 * @return string The checked text. 425 */ 426 function wp_check_invalid_utf8( $string, $strip = false ) { 427 $string = (string) $string; 428 429 if ( 0 === strlen( $string ) ) { 430 return ''; 431 } 432 433 // Store the site charset as a static to avoid multiple calls to get_option() 434 static $is_utf8; 435 if ( !isset( $is_utf8 ) ) { 436 $is_utf8 = in_array( get_option( 'blog_charset' ), array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) ); 437 } 438 if ( !$is_utf8 ) { 439 return $string; 440 } 441 442 // Check for support for utf8 in the installed PCRE library once and store the result in a static 443 static $utf8_pcre; 444 if ( !isset( $utf8_pcre ) ) { 445 $utf8_pcre = @preg_match( '/^./u', 'a' ); 446 } 447 // We can't demand utf8 in the PCRE installation, so just return the string in those cases 448 if ( !$utf8_pcre ) { 449 return $string; 450 } 451 452 // preg_match fails when it encounters invalid UTF8 in $string 453 if ( 1 === @preg_match( '/^./us', $string ) ) { 454 return $string; 455 } 456 457 // Attempt to strip the bad chars if requested (not recommended) 458 if ( $strip && function_exists( 'iconv' ) ) { 459 return iconv( 'utf-8', 'utf-8', $string ); 460 } 461 462 return ''; 463 } 464 465 /** 466 * Perform a deep string replace operation to ensure the values in $search are no longer present 467 * 468 * Repeats the replacement operation until it no longer replaces anything so as to remove "nested" values 469 * e.g. $subject = '%0%0%0DDD', $search ='%0D', $result ='' rather than the '%0%0DD' that 470 * str_replace would return 471 * 472 * @since 2.8.1 473 * @access private 474 * 475 * @param string|array $search 476 * @param string $subject 477 * @return string The processed string 478 */ 479 function _deep_replace( $search, $subject ) { 480 $found = true; 481 $subject = (string) $subject; 482 while ( $found ) { 483 $found = false; 484 foreach ( (array) $search as $val ) { 485 while ( strpos( $subject, $val ) !== false ) { 486 $found = true; 487 $subject = str_replace( $val, '', $subject ); 488 } 489 } 490 } 491 492 return $subject; 493 } 494 495 496 /* @since 2.8.0 497 * @uses wp_kses_bad_protocol() To only permit protocols in the URL set 498 * via $protocols or the common ones set in the function. 499 * 500 * @param string $url The URL to be cleaned. 501 * @param array $protocols Optional. An array of acceptable protocols. 502 * Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet' if not set. 503 * @param string $_context Private. Use esc_url_raw() for database usage. 504 * @return string The cleaned $url after the 'clean_url' filter is applied. 505 */ 506 function esc_url( $url, $protocols = null, $_context = 'display' ) { 507 $original_url = $url; 508 509 if ( '' == $url ) 510 return $url; 511 $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url); 512 $strip = array('%0d', '%0a', '%0D', '%0A'); 513 $url = _deep_replace($strip, $url); 514 $url = str_replace(';//', '://', $url); 515 /* If the URL doesn't appear to contain a scheme, we 516 * presume it needs http:// appended (unless a relative 517 * link starting with / or a php file). 518 */ 519 if ( strpos($url, ':') === false && 520 substr( $url, 0, 1 ) != '/' && substr( $url, 0, 1 ) != '#' && !preg_match('/^[a-z0-9-]+?\.php/i', $url) ) 521 $url = 'http://' . $url; 522 523 // Replace ampersands and single quotes only when displaying. 524 if ( 'display' == $_context ) { 525 $url = wp_kses_normalize_entities( $url ); 526 $url = str_replace( '&', '&', $url ); 527 $url = str_replace( "'", ''', $url ); 528 } 529 530 if ( !is_array($protocols) ) 531 $protocols = array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn'); 532 if ( wp_kses_bad_protocol( $url, $protocols ) != $url ) 533 return ''; 534 535 return apply_filters('clean_url', $url, $original_url, $_context); 536 } 537 /** 538 * Escaping for HTML attributes. 539 * 540 * @since 2.8.0 541 * 542 * @param string $text 543 * @return string 544 */ 545 function esc_attr( $text ) { 546 $safe_text = wp_check_invalid_utf8( $text ); 547 $safe_text = _wp_specialchars( $safe_text, ENT_QUOTES ); 548 return apply_filters( 'attribute_escape', $safe_text, $text ); 549 } 550 551 endif; // Under WP2.8 346 552 ?> -
trunk/xpressme_integration_kit/wp-content/plugins/xpressme/include/xpress_upgrade.php
r715 r718 202 202 function upgrade_page() 203 203 { 204 if ( ! current_user_can('update_plugins') )205 wp_die(__('You do not have sufficient permissions to update XPressME Integration Kit for this site.', 'xpressme'));206 204 $action = isset($_GET['action']) ? $_GET['action'] : 'upgrade-xpress'; 207 205 $upgrade_error = false;
Note: See TracChangeset
for help on using the changeset viewer.
