Edit File by line
/home/zeestwma/ajeebong.../wp-inclu...
File: shortcodes.php
[500] Fix | Delete
$attributes = wp_kses_attr_parse( $element );
[501] Fix | Delete
if ( false === $attributes ) {
[502] Fix | Delete
// Some plugins are doing things like [name] <[email]>.
[503] Fix | Delete
if ( 1 === preg_match( '%^<\s*\[\[?[^\[\]]+\]%', $element ) ) {
[504] Fix | Delete
$element = preg_replace_callback( "/$pattern/", 'do_shortcode_tag', $element );
[505] Fix | Delete
}
[506] Fix | Delete
[507] Fix | Delete
// Looks like we found some unexpected unfiltered HTML. Skipping it for confidence.
[508] Fix | Delete
$element = strtr( $element, $trans );
[509] Fix | Delete
continue;
[510] Fix | Delete
}
[511] Fix | Delete
[512] Fix | Delete
// Get element name.
[513] Fix | Delete
$front = array_shift( $attributes );
[514] Fix | Delete
$back = array_pop( $attributes );
[515] Fix | Delete
$matches = array();
[516] Fix | Delete
preg_match( '%[a-zA-Z0-9]+%', $front, $matches );
[517] Fix | Delete
$elname = $matches[0];
[518] Fix | Delete
[519] Fix | Delete
// Look for shortcodes in each attribute separately.
[520] Fix | Delete
foreach ( $attributes as &$attr ) {
[521] Fix | Delete
$open = strpos( $attr, '[' );
[522] Fix | Delete
$close = strpos( $attr, ']' );
[523] Fix | Delete
if ( false === $open || false === $close ) {
[524] Fix | Delete
continue; // Go to next attribute. Square braces will be escaped at end of loop.
[525] Fix | Delete
}
[526] Fix | Delete
$double = strpos( $attr, '"' );
[527] Fix | Delete
$single = strpos( $attr, "'" );
[528] Fix | Delete
if ( ( false === $single || $open < $single ) && ( false === $double || $open < $double ) ) {
[529] Fix | Delete
/*
[530] Fix | Delete
* $attr like '[shortcode]' or 'name = [shortcode]' implies unfiltered_html.
[531] Fix | Delete
* In this specific situation we assume KSES did not run because the input
[532] Fix | Delete
* was written by an administrator, so we should avoid changing the output
[533] Fix | Delete
* and we do not need to run KSES here.
[534] Fix | Delete
*/
[535] Fix | Delete
$attr = preg_replace_callback( "/$pattern/", 'do_shortcode_tag', $attr );
[536] Fix | Delete
} else {
[537] Fix | Delete
/*
[538] Fix | Delete
* $attr like 'name = "[shortcode]"' or "name = '[shortcode]'".
[539] Fix | Delete
* We do not know if $content was unfiltered. Assume KSES ran before shortcodes.
[540] Fix | Delete
*/
[541] Fix | Delete
$count = 0;
[542] Fix | Delete
$new_attr = preg_replace_callback( "/$pattern/", 'do_shortcode_tag', $attr, -1, $count );
[543] Fix | Delete
if ( $count > 0 ) {
[544] Fix | Delete
// Sanitize the shortcode output using KSES.
[545] Fix | Delete
$new_attr = wp_kses_one_attr( $new_attr, $elname );
[546] Fix | Delete
if ( '' !== trim( $new_attr ) ) {
[547] Fix | Delete
// The shortcode is safe to use now.
[548] Fix | Delete
$attr = $new_attr;
[549] Fix | Delete
}
[550] Fix | Delete
}
[551] Fix | Delete
}
[552] Fix | Delete
}
[553] Fix | Delete
$element = $front . implode( '', $attributes ) . $back;
[554] Fix | Delete
[555] Fix | Delete
// Now encode any remaining '[' or ']' chars.
[556] Fix | Delete
$element = strtr( $element, $trans );
[557] Fix | Delete
}
[558] Fix | Delete
[559] Fix | Delete
$content = implode( '', $textarr );
[560] Fix | Delete
[561] Fix | Delete
return $content;
[562] Fix | Delete
}
[563] Fix | Delete
[564] Fix | Delete
/**
[565] Fix | Delete
* Removes placeholders added by do_shortcodes_in_html_tags().
[566] Fix | Delete
*
[567] Fix | Delete
* @since 4.2.3
[568] Fix | Delete
*
[569] Fix | Delete
* @param string $content Content to search for placeholders.
[570] Fix | Delete
* @return string Content with placeholders removed.
[571] Fix | Delete
*/
[572] Fix | Delete
function unescape_invalid_shortcodes( $content ) {
[573] Fix | Delete
// Clean up entire string, avoids re-parsing HTML.
[574] Fix | Delete
$trans = array(
[575] Fix | Delete
'&#91;' => '[',
[576] Fix | Delete
'&#93;' => ']',
[577] Fix | Delete
);
[578] Fix | Delete
[579] Fix | Delete
$content = strtr( $content, $trans );
[580] Fix | Delete
[581] Fix | Delete
return $content;
[582] Fix | Delete
}
[583] Fix | Delete
[584] Fix | Delete
/**
[585] Fix | Delete
* Retrieves the shortcode attributes regex.
[586] Fix | Delete
*
[587] Fix | Delete
* @since 4.4.0
[588] Fix | Delete
*
[589] Fix | Delete
* @return string The shortcode attribute regular expression.
[590] Fix | Delete
*/
[591] Fix | Delete
function get_shortcode_atts_regex() {
[592] Fix | Delete
return '/([\w-]+)\s*=\s*"([^"]*)"(?:\s|$)|([\w-]+)\s*=\s*\'([^\']*)\'(?:\s|$)|([\w-]+)\s*=\s*([^\s\'"]+)(?:\s|$)|"([^"]*)"(?:\s|$)|\'([^\']*)\'(?:\s|$)|(\S+)(?:\s|$)/';
[593] Fix | Delete
}
[594] Fix | Delete
[595] Fix | Delete
/**
[596] Fix | Delete
* Retrieves all attributes from the shortcodes tag.
[597] Fix | Delete
*
[598] Fix | Delete
* The attributes list has the attribute name as the key and the value of the
[599] Fix | Delete
* attribute as the value in the key/value pair. This allows for easier
[600] Fix | Delete
* retrieval of the attributes, since all attributes have to be known.
[601] Fix | Delete
*
[602] Fix | Delete
* @since 2.5.0
[603] Fix | Delete
* @since 6.5.0 The function now always returns an array,
[604] Fix | Delete
* even if the original arguments string cannot be parsed or is empty.
[605] Fix | Delete
*
[606] Fix | Delete
* @param string $text Shortcode arguments list.
[607] Fix | Delete
* @return array Array of attribute values keyed by attribute name.
[608] Fix | Delete
* Returns empty array if there are no attributes
[609] Fix | Delete
* or if the original arguments string cannot be parsed.
[610] Fix | Delete
*/
[611] Fix | Delete
function shortcode_parse_atts( $text ) {
[612] Fix | Delete
$atts = array();
[613] Fix | Delete
$pattern = get_shortcode_atts_regex();
[614] Fix | Delete
$text = preg_replace( "/[\x{00a0}\x{200b}]+/u", ' ', $text );
[615] Fix | Delete
if ( preg_match_all( $pattern, $text, $match, PREG_SET_ORDER ) ) {
[616] Fix | Delete
foreach ( $match as $m ) {
[617] Fix | Delete
if ( ! empty( $m[1] ) ) {
[618] Fix | Delete
$atts[ strtolower( $m[1] ) ] = stripcslashes( $m[2] );
[619] Fix | Delete
} elseif ( ! empty( $m[3] ) ) {
[620] Fix | Delete
$atts[ strtolower( $m[3] ) ] = stripcslashes( $m[4] );
[621] Fix | Delete
} elseif ( ! empty( $m[5] ) ) {
[622] Fix | Delete
$atts[ strtolower( $m[5] ) ] = stripcslashes( $m[6] );
[623] Fix | Delete
} elseif ( isset( $m[7] ) && strlen( $m[7] ) ) {
[624] Fix | Delete
$atts[] = stripcslashes( $m[7] );
[625] Fix | Delete
} elseif ( isset( $m[8] ) && strlen( $m[8] ) ) {
[626] Fix | Delete
$atts[] = stripcslashes( $m[8] );
[627] Fix | Delete
} elseif ( isset( $m[9] ) ) {
[628] Fix | Delete
$atts[] = stripcslashes( $m[9] );
[629] Fix | Delete
}
[630] Fix | Delete
}
[631] Fix | Delete
[632] Fix | Delete
// Reject any unclosed HTML elements.
[633] Fix | Delete
foreach ( $atts as &$value ) {
[634] Fix | Delete
if ( str_contains( $value, '<' ) ) {
[635] Fix | Delete
if ( 1 !== preg_match( '/^[^<]*+(?:<[^>]*+>[^<]*+)*+$/', $value ) ) {
[636] Fix | Delete
$value = '';
[637] Fix | Delete
}
[638] Fix | Delete
}
[639] Fix | Delete
}
[640] Fix | Delete
}
[641] Fix | Delete
[642] Fix | Delete
return $atts;
[643] Fix | Delete
}
[644] Fix | Delete
[645] Fix | Delete
/**
[646] Fix | Delete
* Combines user attributes with known attributes and fill in defaults when needed.
[647] Fix | Delete
*
[648] Fix | Delete
* The pairs should be considered to be all of the attributes which are
[649] Fix | Delete
* supported by the caller and given as a list. The returned attributes will
[650] Fix | Delete
* only contain the attributes in the $pairs list.
[651] Fix | Delete
*
[652] Fix | Delete
* If the $atts list has unsupported attributes, then they will be ignored and
[653] Fix | Delete
* removed from the final returned list.
[654] Fix | Delete
*
[655] Fix | Delete
* @since 2.5.0
[656] Fix | Delete
*
[657] Fix | Delete
* @param array $pairs Entire list of supported attributes and their defaults.
[658] Fix | Delete
* @param array $atts User defined attributes in shortcode tag.
[659] Fix | Delete
* @param string $shortcode Optional. The name of the shortcode, provided for context to enable filtering
[660] Fix | Delete
* @return array Combined and filtered attribute list.
[661] Fix | Delete
*/
[662] Fix | Delete
function shortcode_atts( $pairs, $atts, $shortcode = '' ) {
[663] Fix | Delete
$atts = (array) $atts;
[664] Fix | Delete
$out = array();
[665] Fix | Delete
foreach ( $pairs as $name => $default ) {
[666] Fix | Delete
if ( array_key_exists( $name, $atts ) ) {
[667] Fix | Delete
$out[ $name ] = $atts[ $name ];
[668] Fix | Delete
} else {
[669] Fix | Delete
$out[ $name ] = $default;
[670] Fix | Delete
}
[671] Fix | Delete
}
[672] Fix | Delete
[673] Fix | Delete
if ( $shortcode ) {
[674] Fix | Delete
/**
[675] Fix | Delete
* Filters shortcode attributes.
[676] Fix | Delete
*
[677] Fix | Delete
* If the third parameter of the shortcode_atts() function is present then this filter is available.
[678] Fix | Delete
* The third parameter, $shortcode, is the name of the shortcode.
[679] Fix | Delete
*
[680] Fix | Delete
* @since 3.6.0
[681] Fix | Delete
* @since 4.4.0 Added the `$shortcode` parameter.
[682] Fix | Delete
*
[683] Fix | Delete
* @param array $out The output array of shortcode attributes.
[684] Fix | Delete
* @param array $pairs The supported attributes and their defaults.
[685] Fix | Delete
* @param array $atts The user defined shortcode attributes.
[686] Fix | Delete
* @param string $shortcode The shortcode name.
[687] Fix | Delete
*/
[688] Fix | Delete
$out = apply_filters( "shortcode_atts_{$shortcode}", $out, $pairs, $atts, $shortcode );
[689] Fix | Delete
}
[690] Fix | Delete
[691] Fix | Delete
return $out;
[692] Fix | Delete
}
[693] Fix | Delete
[694] Fix | Delete
/**
[695] Fix | Delete
* Removes all shortcode tags from the given content.
[696] Fix | Delete
*
[697] Fix | Delete
* @since 2.5.0
[698] Fix | Delete
*
[699] Fix | Delete
* @global array $shortcode_tags
[700] Fix | Delete
*
[701] Fix | Delete
* @param string $content Content to remove shortcode tags.
[702] Fix | Delete
* @return string Content without shortcode tags.
[703] Fix | Delete
*/
[704] Fix | Delete
function strip_shortcodes( $content ) {
[705] Fix | Delete
global $shortcode_tags;
[706] Fix | Delete
[707] Fix | Delete
if ( ! str_contains( $content, '[' ) ) {
[708] Fix | Delete
return $content;
[709] Fix | Delete
}
[710] Fix | Delete
[711] Fix | Delete
if ( empty( $shortcode_tags ) || ! is_array( $shortcode_tags ) ) {
[712] Fix | Delete
return $content;
[713] Fix | Delete
}
[714] Fix | Delete
[715] Fix | Delete
// Find all registered tag names in $content.
[716] Fix | Delete
preg_match_all( '@\[([^<>&/\[\]\x00-\x20=]++)@', $content, $matches );
[717] Fix | Delete
[718] Fix | Delete
$tags_to_remove = array_keys( $shortcode_tags );
[719] Fix | Delete
[720] Fix | Delete
/**
[721] Fix | Delete
* Filters the list of shortcode tags to remove from the content.
[722] Fix | Delete
*
[723] Fix | Delete
* @since 4.7.0
[724] Fix | Delete
*
[725] Fix | Delete
* @param array $tags_to_remove Array of shortcode tags to remove.
[726] Fix | Delete
* @param string $content Content shortcodes are being removed from.
[727] Fix | Delete
*/
[728] Fix | Delete
$tags_to_remove = apply_filters( 'strip_shortcodes_tagnames', $tags_to_remove, $content );
[729] Fix | Delete
[730] Fix | Delete
$tagnames = array_intersect( $tags_to_remove, $matches[1] );
[731] Fix | Delete
[732] Fix | Delete
if ( empty( $tagnames ) ) {
[733] Fix | Delete
return $content;
[734] Fix | Delete
}
[735] Fix | Delete
[736] Fix | Delete
$content = do_shortcodes_in_html_tags( $content, true, $tagnames );
[737] Fix | Delete
[738] Fix | Delete
$pattern = get_shortcode_regex( $tagnames );
[739] Fix | Delete
$content = preg_replace_callback( "/$pattern/", 'strip_shortcode_tag', $content );
[740] Fix | Delete
[741] Fix | Delete
// Always restore square braces so we don't break things like <!--[if IE ]>.
[742] Fix | Delete
$content = unescape_invalid_shortcodes( $content );
[743] Fix | Delete
[744] Fix | Delete
return $content;
[745] Fix | Delete
}
[746] Fix | Delete
[747] Fix | Delete
/**
[748] Fix | Delete
* Strips a shortcode tag based on RegEx matches against post content.
[749] Fix | Delete
*
[750] Fix | Delete
* @since 3.3.0
[751] Fix | Delete
*
[752] Fix | Delete
* @param array $m RegEx matches against post content.
[753] Fix | Delete
* @return string|false The content stripped of the tag, otherwise false.
[754] Fix | Delete
*/
[755] Fix | Delete
function strip_shortcode_tag( $m ) {
[756] Fix | Delete
// Allow [[foo]] syntax for escaping a tag.
[757] Fix | Delete
if ( '[' === $m[1] && ']' === $m[6] ) {
[758] Fix | Delete
return substr( $m[0], 1, -1 );
[759] Fix | Delete
}
[760] Fix | Delete
[761] Fix | Delete
return $m[1] . $m[6];
[762] Fix | Delete
}
[763] Fix | Delete
[764] Fix | Delete
12
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function