PluginProbe ʕ •ᴥ•ʔ
WP STAGING – WordPress Backup, Restore, Migration & Clone / 4.9.2
WP STAGING – WordPress Backup, Restore, Migration & Clone v4.9.2
4.9.2 4.9.1 4.9.0 4.8.1 trunk 3.0.0 3.0.1 3.0.2 3.0.3 3.0.4 3.0.5 3.0.6 3.1.0 3.1.1 3.1.2 3.1.3 3.1.4 3.10.0 3.2.0 3.3.1 3.3.2 3.3.3 3.4.1 3.4.3 3.5.0 3.6.0 3.7.1 3.8.0 3.8.1 3.8.2 3.8.3 3.8.4 3.8.5 3.8.6 3.8.7 3.9.0 3.9.1 3.9.2 3.9.3 3.9.4 4.0.0 4.1.0 4.1.1 4.1.2 4.1.3 4.1.4 4.2.0 4.2.1 4.3.0 4.3.1 4.3.2 4.4.0 4.5.0 4.6.0 4.7.0 4.7.1 4.7.2 4.7.3 4.8.0
wp-staging / Framework / Utils / Escape.php
wp-staging / Framework / Utils Last commit date
Cache 7 months ago DBPermissions.php 9 months ago DataEncoder.php 10 months ago DatabaseOptions.php 2 weeks ago Escape.php 9 months ago Glob.php 2 years ago Hooks.php 2 months ago Math.php 9 months ago PluginInfo.php 5 months ago Sanitize.php 2 months ago ServerVars.php 2 years ago SlashMode.php 5 years ago Strings.php 7 months ago Times.php 5 months ago Urls.php 2 weeks ago Version.php 1 year ago WpDefaultDirectories.php 2 years ago
Escape.php
142 lines
1 <?php
2
3 namespace WPStaging\Framework\Utils;
4
5 class Escape
6 {
7 /**
8 * Escape html with allowed html tags
9 *
10 * @param string $content
11 * @return string
12 */
13 public function escapeHtml(string $content): string
14 {
15 return wp_kses($content, $this->htmlAllowedDuringEscape([]));
16 }
17
18 /**
19 * Html decode and then wp_kses_post
20 *
21 * @param string $text
22 * @return string
23 */
24 public function decodeKsesPost(string $text): string
25 {
26 return wp_kses_post(html_entity_decode($text));
27 }
28
29 /**
30 * @param array $array
31 * @return array
32 */
33 public function htmlAllowedDuringEscape(array $array): array
34 {
35 return [
36 'a' => [
37 'id' => [],
38 'href' => [],
39 'title' => [],
40 'target' => [],
41 'rel' => [],
42 'class' => [],
43 ],
44 'span' => [
45 'class' => [],
46 'title' => [],
47 ],
48 'p' => [],
49 'br' => [],
50 'b' => [],
51 'code' => [],
52 'em' => [],
53 'strong' => [
54 'class' => [],
55 ],
56 'svg' => [
57 'xmlns' => [],
58 'width' => [],
59 'height' => [],
60 'viewbox' => [],
61 'fill' => [],
62 'stroke' => [],
63 'stroke-width' => [],
64 'stroke-linecap' => [],
65 'stroke-linejoin' => [],
66 'aria-hidden' => [],
67 'focusable' => [],
68 'role' => [],
69 'class' => [],
70 ],
71 'path' => [
72 'd' => [],
73 'fill' => [],
74 'stroke' => [],
75 'stroke-width' => [],
76 'stroke-linecap' => [],
77 'stroke-linejoin' => [],
78 ],
79 'g' => [
80 'fill' => [],
81 ],
82 'polyline' => [
83 'points' => [],
84 'fill' => [],
85 'stroke' => [],
86 ],
87 'circle' => [
88 'cx' => [],
89 'cy' => [],
90 'r' => [],
91 'fill' => [],
92 'stroke' => [],
93 ],
94 'rect' => [
95 'x' => [],
96 'y' => [],
97 'width' => [],
98 'height' => [],
99 'fill' => [],
100 'stroke' => [],
101 ],
102 'line' => [
103 'x1' => [],
104 'y1' => [],
105 'x2' => [],
106 'y2' => [],
107 'fill' => [],
108 'stroke' => [],
109 ],
110 'defs' => [
111 'clipPath' => [],
112 ],
113 'ellipse' => [
114 'cx' => [],
115 'cy' => [],
116 'rx' => [],
117 'ry' => [],
118 ],
119 ];
120 }
121
122 /**
123 * Mimics the mysql_real_escape_string function. Adapted from a post by 'feedr' on php.net.
124 * @link http://php.net/manual/en/function.mysql-real-escape-string.php#101248
125 * @access public
126 * @param string|array $input The string to escape.
127 * @return string|array
128 */
129 public function mysqlRealEscapeString($input)
130 {
131 if (is_array($input)) {
132 return array_map(__METHOD__, $input);
133 }
134
135 if (!empty($input) && is_string($input)) {
136 return str_replace(['\\', "\0", "\n", "\r", "'", '"', "\x1a"], ['\\\\', '\\0', '\\n', '\\r', "\\'", '\\"', '\\Z'], $input);
137 }
138
139 return $input;
140 }
141 }
142