Cache
2 years ago
DBPermissions.php
2 years ago
DataEncoder.php
2 years ago
Escape.php
2 years ago
Glob.php
2 years ago
Hooks.php
2 years ago
Math.php
2 years ago
PluginInfo.php
2 years ago
Sanitize.php
2 years ago
ServerVars.php
2 years ago
SlashMode.php
5 years ago
Strings.php
2 years ago
Times.php
2 years ago
Urls.php
2 years ago
Version.php
2 years ago
WpDefaultDirectories.php
2 years ago
Escape.php
78 lines
| 1 | <?php |
| 2 | |
| 3 | namespace WPStaging\Framework\Utils; |
| 4 | |
| 5 | class Escape |
| 6 | { |
| 7 | /** |
| 8 | * Escape html with allowed html tags |
| 9 | * |
| 10 | * @param string $content |
| 11 | * @return string |
| 12 | */ |
| 13 | public function escapeHtml(string $content): string |
| 14 | { |
| 15 | return wp_kses($content, $this->htmlAllowedDuringEscape([])); |
| 16 | } |
| 17 | |
| 18 | /** |
| 19 | * Html decode and then wp_kses_post |
| 20 | * |
| 21 | * @param string $text |
| 22 | * @return string |
| 23 | */ |
| 24 | public function decodeKsesPost(string $text): string |
| 25 | { |
| 26 | return wp_kses_post(html_entity_decode($text)); |
| 27 | } |
| 28 | |
| 29 | /** |
| 30 | * @param array $array |
| 31 | * @return array |
| 32 | */ |
| 33 | public function htmlAllowedDuringEscape(array $array): array |
| 34 | { |
| 35 | return [ |
| 36 | 'a' => [ |
| 37 | 'id' => [], |
| 38 | 'href' => [], |
| 39 | 'title' => [], |
| 40 | 'target' => [], |
| 41 | 'rel' => [], |
| 42 | 'class' => [], |
| 43 | ], |
| 44 | 'span' => [ |
| 45 | 'class' => [], |
| 46 | 'title' => [], |
| 47 | ], |
| 48 | 'p' => [], |
| 49 | 'br' => [], |
| 50 | 'code' => [], |
| 51 | 'em' => [], |
| 52 | 'strong' => [ |
| 53 | 'class' => [], |
| 54 | ], |
| 55 | ]; |
| 56 | } |
| 57 | |
| 58 | /** |
| 59 | * Mimics the mysql_real_escape_string function. Adapted from a post by 'feedr' on php.net. |
| 60 | * @link http://php.net/manual/en/function.mysql-real-escape-string.php#101248 |
| 61 | * @access public |
| 62 | * @param string|array $input The string to escape. |
| 63 | * @return string|array |
| 64 | */ |
| 65 | public function mysqlRealEscapeString($input) |
| 66 | { |
| 67 | if (is_array($input)) { |
| 68 | return array_map(__METHOD__, $input); |
| 69 | } |
| 70 | |
| 71 | if (!empty($input) && is_string($input)) { |
| 72 | return str_replace(['\\', "\0", "\n", "\r", "'", '"', "\x1a"], ['\\\\', '\\0', '\\n', '\\r', "\\'", '\\"', '\\Z'], $input); |
| 73 | } |
| 74 | |
| 75 | return $input; |
| 76 | } |
| 77 | } |
| 78 |