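/**
 * Author Template functions for use in themes.
 *
 * These functions must be used within the WordPress Loop.
 *
 * @link https://codex.wordpress.org/Author_Templates
 *
 * @package WordPress
 * @subpackage Template
 */

/**
 * Retrieves the author of the current post.
 *
 * The value is the stored display name after the 'the_author' filter has run.
 * Nothing in this function escapes it, so a caller that places the result in
 * markup has to escape it for that context.
 *
 * @since 1.5.0
 * @since 6.3.0 Returns an empty string if the author's display name is unknown.
 *
 * @global WP_User $authordata The current author's data.
 *
 * @param string $deprecated Deprecated.
 * @return string The author's display name, empty string if unknown.
 */
function get_the_author( $deprecated = '' ) {
    global $authordata;

    if ( ! empty( $deprecated ) ) {
        _deprecated_argument( __FUNCTION__, '2.1.0' );
    }

    /**
     * Filters the display name of the current post's author.
     *
     * @since 2.9.0
     *
     * @param string $display_name The author's display name.
     */
    return apply_filters( 'the_author', is_object( $authordata ) ? $authordata->display_name : '' );
}

/**
 * Displays the name of the author of the current post.
 *
 * The behavior of this function is based off of old functionality predating
 * get_the_author(). This function is not deprecated, but is designed to echo
 * the value from get_the_author() and, as a result, any old theme that might
 * still use the old behavior will also pass the value from get_the_author().
 *
 * The normal, expected behavior of this function is to echo the author and not
 * return it. However, backward compatibility has to be maintained.
 *
 * The name is echoed exactly as get_the_author() returns it; no escaping is
 * applied in this function.
 *
 * @since 0.71
 *
 * @see get_the_author()
 * @link https://developer.wordpress.org/reference/functions/the_author/
 *
 * @param string $deprecated      Deprecated.
 * @param bool   $deprecated_echo Deprecated. Use get_the_author(). Echo the string or return it.
 * @return string The author's display name, from get_the_author().
 */
function the_author( $deprecated = '', $deprecated_echo = true ) {
    if ( ! empty( $deprecated ) ) {
        _deprecated_argument( __FUNCTION__, '2.1.0' );
    }

    // Anything other than the literal `true` is reported as deprecated usage.
    if ( true !== $deprecated_echo ) {
        _deprecated_argument(
            __FUNCTION__,
            '1.5.0',
            sprintf(
                /* translators: %s: get_the_author() */
                __( 'Use %s instead if you do not want the value echoed.' ),
                'get_the_author()'
            )
        );
    }

    if ( $deprecated_echo ) {
        echo get_the_author();
    }

    // Returned as well as echoed, for backward compatibility.
    return get_the_author();
}

/**
 * Retrieves the author who last edited the current post.
 *
 * Returns nothing when there is no current post or when the post has no
 * `_edit_last` meta value.
 *
 * @since 2.8.0
 *
 * @return string|void The author's display name, empty string if unknown.
 */
function get_the_modified_author() {
    // get_post() can return no post outside the Loop; get_the_author_posts() in
    // this file guards the same call, so do the same here instead of reading
    // ->ID from a non-object.
    $post = get_post();
    if ( ! $post ) {
        return;
    }

    $last_id = get_post_meta( $post->ID, '_edit_last', true );
    if ( ! $last_id ) {
        return;
    }

    $last_user = get_userdata( $last_id );

    /**
     * Filters the display name of the author who last edited the current post.
     *
     * @since 2.8.0
     *
     * @param string $display_name The author's display name, empty string if unknown.
     */
    return apply_filters( 'the_modified_author', $last_user ? $last_user->display_name : '' );
}

/**
 * Displays the name of the author who last edited the current post,
 * if the author's ID is available.
 *
 * The value is echoed as returned by get_the_modified_author(), without escaping
 * in this function.
 *
 * @since 2.8.0
 *
 * @see get_the_author()
 */
function the_modified_author() {
    echo get_the_modified_author();
}

/**
 * Retrieves the requested data of the author of the current post.
 *
 * Valid values for the `$field` parameter include:
 *
 * - admin_color
 * - aim
 * - comment_shortcuts
 * - description
 * - display_name
 * - first_name
 * - ID
 * - jabber
 * - last_name
 * - nickname
 * - plugins_last_view
 * - plugins_per_page
 * - rich_editing
 * - syntax_highlighting
 * - user_activation_key
 * - user_description
 * - user_email
 * - user_firstname
 * - user_lastname
 * - user_level
 * - user_login
 * - user_nicename
 * - user_pass
 * - user_registered
 * - user_status
 * - user_url
 * - yim
 *
 * Several of these fields are sensitive (`user_pass`, `user_activation_key`,
 * `user_email`, `user_login`). The function returns them like any other field,
 * so templates should not print them to visitors.
 *
 * @since 2.8.0
 *
 * @global WP_User $authordata The current author's data.
 *
 * @param string    $field   Optional. The user field to retrieve. Default empty.
 * @param int|false $user_id Optional. User ID. Defaults to the current post author.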
* @return string The author's field from the current author's DB object, otherwise an empty string.
 */
function get_the_author_meta( $field = '', $user_id = false ) {
    // Keep the caller's argument for the filter; $user_id is rewritten below when falsy.
    $original_user_id = $user_id;

    if ( $user_id ) {
        // Explicit user: this $authordata is a local, the global is not touched.
        $authordata = get_userdata( $user_id );
    } else {
        // No user given: fall back to the current author set up by the Loop.
        global $authordata;
        $user_id = isset( $authordata->ID ) ? $authordata->ID : 0;
    }

    // Short aliases are expanded to their `user_`-prefixed field names.
    // Note that 'pass' and 'activation_key' are accepted here like any other alias.
    $prefixed_aliases = array( 'login', 'pass', 'nicename', 'email', 'url', 'registered', 'activation_key', 'status' );
    if ( in_array( $field, $prefixed_aliases, true ) ) {
        $field = 'user_' . $field;
    }

    $value = '';
    if ( isset( $authordata->$field ) ) {
        $value = $authordata->$field;
    }

    /**
     * Filters the value of the requested user metadata.
     *
     * The filter name is dynamic and depends on the $field parameter of the function.
     *
     * @since 2.8.0
     * @since 4.3.0 The `$original_user_id` parameter was added.
     *
     * @param string    $value            The value of the metadata.
     * @param int       $user_id          The user ID for the value.
     * @param int|false $original_user_id The original user ID, as passed to the function.
     */
    return apply_filters( "get_the_author_{$field}", $value, $user_id, $original_user_id );
}

/**
 * Outputs the field from the user's DB object. Defaults to current post's author.
 *
 * The filtered value is echoed as-is: this function applies no escaping, so the
 * caller decides whether the chosen field is safe to print in the surrounding
 * markup. Sensitive fields accepted by get_the_author_meta() are echoed too.
 *
 * @since 2.8.0
 *
 * @param string    $field   Selects the field of the users record. See get_the_author_meta()
 *                           for the list of possible fields.
 * @param int|false $user_id Optional. User ID. Defaults to the current post author.
 *
 * @see get_the_author_meta()
 */
function the_author_meta( $field = '', $user_id = false ) {
    $author_meta = get_the_author_meta( $field, $user_id );

    /**
     * Filters the value of the requested user metadata.
     *
     * The filter name is dynamic and depends on the $field parameter of the function.
     *
     * @since 2.8.0
     *
     * @param string    $author_meta The value of the metadata.
     * @param int|false $user_id     The user ID.
     */
    $filtered_meta = apply_filters( "the_author_{$field}", $author_meta, $user_id );

    echo $filtered_meta;
}

/**
 * Retrieves either author's link or author's name.
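*
 * If the author has a home page set, return an HTML link, otherwise just return
 * the author's name.
 *
 * The URL goes through esc_url() and the title text through esc_attr(). The
 * display name used as link text is inserted as returned by get_the_author().
 *
 * @since 3.0.0
 *
 * @global WP_User $authordata The current author's data.
 *
 * @return string An HTML link if the author's URL exists in user meta,
 *                otherwise the result of get_the_author().
 */
function get_the_author_link() {
    if ( get_the_author_meta( 'url' ) ) {
        global $authordata;

        $author_url          = get_the_author_meta( 'url' );
        $author_display_name = get_the_author();

        // NOTE(review): the format string in the listing under review was reduced
        // to '%3$s', which drops the escaped URL and title arguments and returns
        // the bare name instead of the documented link. The anchor markup is
        // restored here; compare with the upstream file before relying on it.
        $link = sprintf(
            '<a href="%1$s" title="%2$s" rel="author external">%3$s</a>',
            esc_url( $author_url ),
            /* translators: %s: Author's display name. */
            esc_attr( sprintf( __( 'Visit %s’s website' ), $author_display_name ) ),
            $author_display_name
        );

        /**
         * Filters the author URL link HTML.
         *
         * @since 6.0.0
         *
         * @param string  $link       The default rendered author HTML link.
         * @param string  $author_url Author's URL.
         * @param WP_User $authordata Author user data.
         */
        return apply_filters( 'the_author_link', $link, $author_url, $authordata );
    } else {
        return get_the_author();
    }
}

/**
 * Displays either author's link or author's name.
 *
 * If the author has a home page set, echo an HTML link, otherwise just echo the
 * author's name.
 *
 * @link https://developer.wordpress.org/reference/functions/the_author_link/
 *
 * @since 2.1.0
 */
function the_author_link() {
    echo get_the_author_link();
}

/**
 * Retrieves the number of posts by the author of the current post.
 *
 * @since 1.5.0
 *
 * @return int The number of posts by the author.
 */
function get_the_author_posts() {
    $post = get_post();

    // No current post: report zero rather than reading from a non-object.
    if ( ! $post ) {
        return 0;
    }

    return count_user_posts( $post->post_author, $post->post_type );
}

/**
 * Displays the number of posts by the author of the current post.
 *
 * @link https://developer.wordpress.org/reference/functions/the_author_posts/
 * @since 0.71
 */
function the_author_posts() {
    echo get_the_author_posts();
}

/**
 * Retrieves an HTML link to the author page of the current post's author.
 *
 * Returns an HTML-formatted link using get_author_posts_url().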
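*
 * @since 4.4.0
 *
 * @global WP_User $authordata The current author's data.
 *
 * @return string An HTML link to the author page, or an empty string if $authordata is not set.
 */
function get_the_author_posts_link() {
    global $authordata;

    if ( ! is_object( $authordata ) ) {
        return '';
    }

    // NOTE(review): the format string in the listing under review was empty, so
    // sprintf() discarded all three arguments and the function returned '' even
    // with a valid author. The anchor markup is restored here; compare with the
    // upstream file before relying on it.
    $link = sprintf(
        '<a href="%1$s" title="%2$s" rel="author">%3$s</a>',
        esc_url( get_author_posts_url( $authordata->ID, $authordata->user_nicename ) ),
        /* translators: %s: Author's display name. */
        esc_attr( sprintf( __( 'Posts by %s' ), get_the_author() ) ),
        get_the_author()
    );

    /**
     * Filters the link to the author page of the author of the current post.
     *
     * @since 2.9.0
     *
     * @param string $link HTML link.
     */
    return apply_filters( 'the_author_posts_link', $link );
}

/**
 * Displays an HTML link to the author page of the current post's author.
 *
 * @since 1.2.0
 * @since 4.4.0 Converted into a wrapper for get_the_author_posts_link()
 *
 * @param string $deprecated Unused.
 */
function the_author_posts_link( $deprecated = '' ) {
    if ( ! empty( $deprecated ) ) {
        _deprecated_argument( __FUNCTION__, '2.1.0' );
    }

    echo get_the_author_posts_link();
}

/**
 * Retrieves the URL to the author page for the user with the ID provided.
 *
 * The ID is cast to int before use. The nicename is substituted into the
 * permalink structure as given; this function does not encode it.
 *
 * @since 2.1.0
 *
 * @global WP_Rewrite $wp_rewrite WordPress rewrite component.
 *
 * @param int    $author_id       Author ID.
 * @param string $author_nicename Optional. The author's nicename (slug). Default empty.
 * @return string The URL to the author's page.
 */
function get_author_posts_url( $author_id, $author_nicename = '' ) {
    global $wp_rewrite;

    $author_id = (int) $author_id;
    $link      = $wp_rewrite->get_author_permastruct();

    if ( empty( $link ) ) {
        // No author permalink structure: use the query-string form.
        $file = home_url( '/' );
        $link = $file . '?author=' . $author_id;
    } else {
        if ( '' === $author_nicename ) {
            // Look the slug up; it stays empty if the user cannot be found.
            $user = get_userdata( $author_id );
            if ( ! empty( $user->user_nicename ) ) {
                $author_nicename = $user->user_nicename;
            }
        }

        $link = str_replace( '%author%', $author_nicename, $link );
        $link = home_url( user_trailingslashit( $link ) );
    }

    /**
     * Filters the URL to the author's page.
     *
     * @since 2.1.0
     *
     * @param string $link            The URL to the author's page.
     * @param int    $author_id       The author's ID.
     * @param string $author_nicename The author's nice name.
     */
    $link = apply_filters( 'author_link', $link, $author_id, $author_nicename );

    return $link;
}

/**
 * Lists all the authors of the site, with several options available.
 *
 * Author names (and the `feed` text, when used as link text) are written into
 * the output as stored; only URLs and attribute values are escaped here.
 *
 * @link https://developer.wordpress.org/reference/functions/wp_list_authors/
 *
 * @since 1.2.0
 *
 * @global wpdb $wpdb WordPress database abstraction object.
 *
 * @param string|array $args {
 *     Optional. Array or string of default arguments.
 *
 *     @type string       $orderby       How to sort the authors. Accepts 'nicename', 'email', 'url', 'registered',
 *                                       'user_nicename', 'user_email', 'user_url', 'user_registered', 'name',
 *                                       'display_name', 'post_count', 'ID', 'meta_value', 'user_login'. Default 'name'.
 *     @type string       $order         Sorting direction for $orderby. Accepts 'ASC', 'DESC'. Default 'ASC'.
 *     @type int          $number        Maximum authors to return or display. Default empty (all authors).
 *     @type bool         $optioncount   Show the count in parenthesis next to the author's name. Default false.
 *     @type bool         $exclude_admin Whether to exclude the 'admin' account, if it exists. Default true.
 *     @type bool         $show_fullname Whether to show the author's full name. Default false.
 *     @type bool         $hide_empty    Whether to hide any authors with no posts. Default true.
 *     @type string       $feed          If not empty, show a link to the author's feed and use this text as the alt
 *                                       parameter of the link. Default empty.
 *     @type string       $feed_image    If not empty, show a link to the author's feed and use this image URL as
 *                                       clickable anchor. Default empty.
 *     @type string       $feed_type     The feed type to link to. Possible values include 'rss2', 'atom'.
 *                                       Default is the value of get_default_feed().
 *     @type bool         $echo          Whether to output the result or instead return it. Default true.
 *     @type string       $style         If 'list', each author is wrapped in an `<li>` element, otherwise the authors
 *                                       will be separated by commas.
 *     @type bool         $html          Whether to list the items in HTML form or plaintext. Default true.
 *     @type int[]|string $exclude       Array or comma/space-separated list of author IDs to exclude. Default empty.
 *     @type int[]|string $include       Array or comma/space-separated list of author IDs to include. Default empty.
 * }
 * @return void|string Void if 'echo' argument is true, list of authors if 'echo' is false.
 */
function wp_list_authors( $args = '' ) {
    global $wpdb;

    $defaults = array(
        'orderby'       => 'name',
        'order'         => 'ASC',
        'number'        => '',
        'optioncount'   => false,
        'exclude_admin' => true,
        'show_fullname' => false,
        'hide_empty'    => true,
        'feed'          => '',
        'feed_image'    => '',
        'feed_type'     => '',
        'echo'          => true,
        'style'         => 'list',
        'html'          => true,
        'exclude'       => '',
        'include'       => '',
    );

    $parsed_args = wp_parse_args( $args, $defaults );

    $return = '';

    // Only these keys are forwarded to get_users(); IDs are requested, not objects.
    $query_args           = wp_array_slice_assoc( $parsed_args, array( 'orderby', 'order', 'number', 'exclude', 'include' ) );
    $query_args['fields'] = 'ids';

    /**
     * Filters the query arguments for the list of all authors of the site.
     *
     * @since 6.1.0
     *
     * @param array $query_args  The query arguments for get_users().
     * @param array $parsed_args The arguments passed to wp_list_authors() combined with the defaults.
     */
    $query_args = apply_filters( 'wp_list_authors_args', $query_args, $parsed_args );

    $authors = get_users( $query_args );

    /**
     * Filters whether to short-circuit performing the query for author post counts.
     *
     * @since 6.1.0
     *
     * @param int[]|false $post_counts Array of post counts, keyed by author ID.
     * @param array       $parsed_args The arguments passed to wp_list_authors() combined with the defaults.
     */
    $post_counts = apply_filters( 'pre_wp_list_authors_post_counts_query', false, $parsed_args );

    if ( ! is_array( $post_counts ) ) {
        $post_counts = array();

        // No caller-supplied argument reaches this query: the dynamic parts are
        // the table name from $wpdb and the clause from get_private_posts_cap_sql().
        $post_counts_query = $wpdb->get_results(
            "SELECT DISTINCT post_author, COUNT(ID) AS count
            FROM $wpdb->posts
            WHERE " . get_private_posts_cap_sql( 'post' ) . '
            GROUP BY post_author'
        );

        foreach ( (array) $post_counts_query as $row ) {
            $post_counts[ $row->post_author ] = $row->count;
        }
    }

    foreach ( $authors as $author_id ) {
        $posts = isset( $post_counts[ $author_id ] ) ? $post_counts[ $author_id ] : 0;

        if ( ! $posts && $parsed_args['hide_empty'] ) {
            continue;
        }

        $author = get_userdata( $author_id );

        // Skip IDs that no longer resolve to a user instead of reading
        // properties from a non-object.
        if ( ! $author ) {
            continue;
        }

        // The check is against the display name, not the login or a role, so it
        // is a presentation filter and not an access control.
        if ( $parsed_args['exclude_admin'] && 'admin' === $author->display_name ) {
            continue;
        }

        if ( $parsed_args['show_fullname'] && $author->first_name && $author->last_name ) {
            $name = sprintf(
                /* translators: 1: User's first name, 2: Last name. */
                _x( '%1$s %2$s', 'Display name based on first name and last name' ),
                $author->first_name,
                $author->last_name
            );
        } else {
            $name = $author->display_name;
        }

        if ( ! $parsed_args['html'] ) {
            $return .= $name . ', ';

            continue; // No need to go further to process HTML.
        }

        // NOTE(review): from here to the end of the loop the listing under review
        // had lost its markup literals (empty strings, a bare '%3$s' format and an
        // unbalanced brace in the feed branch). The markup is restored from the
        // documented behaviour of the `style`, `feed` and `feed_image` arguments;
        // compare with the upstream file before relying on it.
        if ( 'list' === $parsed_args['style'] ) {
            $return .= '<li>';
        }

        $link = sprintf(
            '<a href="%1$s" title="%2$s">%3$s</a>',
            esc_url( get_author_posts_url( $author->ID, $author->user_nicename ) ),
            /* translators: %s: Author's display name. */
            esc_attr( sprintf( __( 'Posts by %s' ), $author->display_name ) ),
            $name
        );

        if ( ! empty( $parsed_args['feed_image'] ) || ! empty( $parsed_args['feed'] ) ) {
            $link .= ' ';
            if ( empty( $parsed_args['feed_image'] ) ) {
                $link .= '(';
            }

            // The feed URL is escaped for the href attribute like the other URLs here.
            $link .= '<a href="' . esc_url( get_author_feed_link( $author->ID, $parsed_args['feed_type'] ) ) . '"';

            $alt = '';
            if ( ! empty( $parsed_args['feed'] ) ) {
                $alt  = ' alt="' . esc_attr( $parsed_args['feed'] ) . '"';
                $name = $parsed_args['feed'];
            }

            $link .= '>';

            if ( ! empty( $parsed_args['feed_image'] ) ) {
                $link .= '<img src="' . esc_url( $parsed_args['feed_image'] ) . '" style="border: none;"' . $alt . ' />';
            } else {
                $link .= $name;
            }

            $link .= '</a>';

            if ( empty( $parsed_args['feed_image'] ) ) {
                $link .= ')';
            }
        }

        if ( $parsed_args['optioncount'] ) {
            $link .= ' (' . $posts . ')';
        }

        $return .= $link;
        $return .= ( 'list' === $parsed_args['style'] ) ? '</li>' : ', ';
    }

    // Drop the trailing separator left by the comma-separated forms.
    $return = rtrim( $return, ', ' );

    if ( $parsed_args['echo'] ) {
        echo $return;
    } else {
        return $return;
    }
}

/**
 * Determines whether this site has more than one author.
 *
 * Checks to see if more than one author has published posts. The answer is
 * cached in the 'is_multi_author' transient as 1 or 0.
 *
 * For more information on this and similar theme functions, check out
 * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/
 * Conditional Tags} article in the Theme Developer Handbook.
 *
 * @since 3.2.0
 *
 * @global wpdb $wpdb WordPress database abstraction object.
 *
 * @return bool Whether or not we have more than one author
 */
function is_multi_author() {
    global $wpdb;

    $is_multi_author = get_transient( 'is_multi_author' );

    // A strict `false` means "not cached"; a cached 0 must not trigger the query again.
    if ( false === $is_multi_author ) {
        // Constant query; LIMIT 2 is enough to tell one author from several.
        $rows            = (array) $wpdb->get_col( "SELECT DISTINCT post_author FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'publish' LIMIT 2" );
        $is_multi_author = 1 < count( $rows ) ? 1 : 0;
        set_transient( 'is_multi_author', $is_multi_author );
    }

    /**
     * Filters whether the site has more than one author with published posts.
     *
     * @since 3.2.0
     *
     * @param bool $is_multi_author Whether $is_multi_author should evaluate as true.
     */
    return apply_filters( 'is_multi_author', (bool) $is_multi_author );
}

/**
 * Helper function to clear the cache for number of authors.
 *
 * Deletes the 'is_multi_author' transient so is_multi_author() recomputes it.
 *
 * @since 3.2.0
 * @access private
 */
function __clear_multi_author_cache() { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionDoubleUnderscore,PHPCompatibility.FunctionNameRestrictions.ReservedFunctionNames.FunctionDoubleUnderscore
    delete_transient( 'is_multi_author' );
}

/**
 * kses 0.2.2 - HTML/XHTML filter that only allows some elements and attributes
 * Copyright (C) 2002, 2003, 2005 Ulf Harnhammar
 *
 * This program is free software and open source software; you can redistribute
 * it and/or modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the License,
 * or (at your option) any later version.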
*
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
 * more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
 * http://www.gnu.org/licenses/gpl.html
 *
 * [kses strips evil scripts!]
 *
 * Added wp_ prefix to avoid conflicts with existing kses users
 *
 * @version 0.2.2
 * @copyright (C) 2002, 2003, 2005
 * @author Ulf Harnhammar
 *
 * @package External
 * @subpackage KSES
 */

/**
 * Specifies the default allowable HTML tags.
 *
 * Using `CUSTOM_TAGS` is not recommended and should be considered deprecated. The
 * {@see 'wp_kses_allowed_html'} filter is more powerful and supplies context.
 *
 * When using this constant, make sure to set all of these globals to arrays:
 *
 *  - `$allowedposttags`
 *  - `$allowedtags`
 *  - `$allowedentitynames`
 *  - `$allowedxmlentitynames`
 *
 * @see wp_kses_allowed_html()
 * @since 1.2.0
 *
 * @var array[]|false Array of default allowable HTML tags, or false to use the defaults.
 */
if ( ! defined( 'CUSTOM_TAGS' ) ) {
    define( 'CUSTOM_TAGS', false );
}

// Ensure that these variables are added to the global namespace
// (e.g. if using namespaces / autoload in the current PHP environment).
global $allowedposttags, $allowedtags, $allowedentitynames, $allowedxmlentitynames;

// With CUSTOM_TAGS left at false the four allow-list globals are defined by the
// literals below. A truthy CUSTOM_TAGS skips all of them (see the else branch).
if ( ! CUSTOM_TAGS ) {
    /**
     * KSES global for default allowable HTML tags.
     *
     * Can be overridden with the `CUSTOM_TAGS` constant.
     *
     * Keys are element names, values map attribute names to `true` or, for
     * `a[download]` and `object`, to an array of extra constraints. The literal
     * has no `script`, `style`, `iframe`, `embed`, `form` or `input` keys and
     * lists no `on*` event-handler attributes. How the constraint arrays are
     * enforced, and what `_wp_add_global_attributes` appends afterwards, is not
     * visible in this listing.
     *
     * @var array[] $allowedposttags Array of default allowable HTML tags.
     * @since 2.0.0
     */
    $allowedposttags = array(
        'address'    => array(),
        'a'          => array(
            'href'     => true,
            'rel'      => true,
            'rev'      => true,
            'name'     => true,
            'target'   => true,
            'download' => array( 'valueless' => 'y', ),
        ),
        'abbr'       => array(),
        'acronym'    => array(),
        'area'       => array( 'alt' => true, 'coords' => true, 'href' => true, 'nohref' => true, 'shape' => true, 'target' => true, ),
        'article'    => array( 'align' => true, ),
        'aside'      => array( 'align' => true, ),
        'audio'      => array( 'autoplay' => true, 'controls' => true, 'loop' => true, 'muted' => true, 'preload' => true, 'src' => true, ),
        'b'          => array(),
        'bdo'        => array(),
        'big'        => array(),
        'blockquote' => array( 'cite' => true, ),
        'br'         => array(),
        'button'     => array( 'disabled' => true, 'name' => true, 'type' => true, 'value' => true, ),
        'caption'    => array( 'align' => true, ),
        'cite'       => array(),
        'code'       => array(),
        'col'        => array( 'align' => true, 'char' => true, 'charoff' => true, 'span' => true, 'valign' => true, 'width' => true, ),
        'colgroup'   => array( 'align' => true, 'char' => true, 'charoff' => true, 'span' => true, 'valign' => true, 'width' => true, ),
        'del'        => array( 'datetime' => true, ),
        'dd'         => array(),
        'dfn'        => array(),
        'details'    => array( 'align' => true, 'open' => true, ),
        'div'        => array( 'align' => true, ),
        'dl'         => array(),
        'dt'         => array(),
        'em'         => array(),
        'fieldset'   => array(),
        'figure'     => array( 'align' => true, ),
        'figcaption' => array( 'align' => true, ),
        'font'       => array( 'color' => true, 'face' => true, 'size' => true, ),
        'footer'     => array( 'align' => true, ),
        'h1'         => array( 'align' => true, ),
        'h2'         => array( 'align' => true, ),
        'h3'         => array( 'align' => true, ),
        'h4'         => array( 'align' => true, ),
        'h5'         => array( 'align' => true, ),
        'h6'         => array( 'align' => true, ),
        'header'     => array( 'align' => true, ),
        'hgroup'     => array( 'align' => true, ),
        'hr'         => array( 'align' => true, 'noshade' => true, 'size' => true, 'width' => true, ),
        'i'          => array(),
        'img'        => array(
            'alt'      => true,
            'align'    => true,
            'border'   => true,
            'height'   => true,
            'hspace'   => true,
            'loading'  => true,
            'longdesc' => true,
            'vspace'   => true,
            'src'      => true,
            'usemap'   => true,
            'width'    => true,
        ),
        'ins'        => array( 'datetime' => true, 'cite' => true, ),
        'kbd'        => array(),
        'label'      => array( 'for' => true, ),
        'legend'     => array( 'align' => true, ),
        'li'         => array( 'align' => true, 'value' => true, ),
        'main'       => array( 'align' => true, ),
        'map'        => array( 'name' => true, ),
        'mark'       => array(),
        'menu'       => array( 'type' => true, ),
        'nav'        => array( 'align' => true, ),
        // `object` is constrained: both attributes are marked required, `type`
        // lists a single value and `data` names a value callback.
        'object'     => array(
            'data' => array(
                'required'       => true,
                'value_callback' => '_wp_kses_allow_pdf_objects',
            ),
            'type' => array(
                'required' => true,
                'values'   => array( 'application/pdf' ),
            ),
        ),
        'p'          => array( 'align' => true, ),
        'pre'        => array( 'width' => true, ),
        'q'          => array( 'cite' => true, ),
        'rb'         => array(),
        'rp'         => array(),
        'rt'         => array(),
        'rtc'        => array(),
        'ruby'       => array(),
        's'          => array(),
        'samp'       => array(),
        'span'       => array( 'align' => true, ),
        'section'    => array( 'align' => true, ),
        'small'      => array(),
        'strike'     => array(),
        'strong'     => array(),
        'sub'        => array(),
        'summary'    => array( 'align' => true, ),
        'sup'        => array(),
        'table'      => array(
            'align'       => true,
            'bgcolor'     => true,
            'border'      => true,
            'cellpadding' => true,
            'cellspacing' => true,
            'rules'       => true,
            'summary'     => true,
            'width'       => true,
        ),
        'tbody'      => array( 'align' => true, 'char' => true, 'charoff' => true, 'valign' => true, ),
        'td'         => array(
            'abbr'    => true,
            'align'   => true,
            'axis'    => true,
            'bgcolor' => true,
            'char'    => true,
            'charoff' => true,
            'colspan' => true,
            'headers' => true,
            'height'  => true,
            'nowrap'  => true,
            'rowspan' => true,
            'scope'   => true,
            'valign'  => true,
            'width'   => true,
        ),
        'textarea'   => array( 'cols' => true, 'rows' => true, 'disabled' => true, 'name' => true, 'readonly' => true, ),
        'tfoot'      => array( 'align' => true, 'char' => true, 'charoff' => true, 'valign' => true, ),
        'th'         => array(
            'abbr'    => true,
            'align'   => true,
            'axis'    => true,
            'bgcolor' => true,
            'char'    => true,
            'charoff' => true,
            'colspan' => true,
            'headers' => true,
            'height'  => true,
            'nowrap'  => true,
            'rowspan' => true,
            'scope'   => true,
            'valign'  => true,
            'width'   => true,
        ),
        'thead'      => array( 'align' => true, 'char' => true, 'charoff' => true, 'valign' => true, ),
        'title'      => array(),
        'tr'         => array( 'align' => true, 'bgcolor' => true, 'char' => true, 'charoff' => true, 'valign' => true, ),
        'track'      => array( 'default' => true, 'kind' => true, 'label' => true, 'src' => true, 'srclang' => true, ),
        'tt'         => array(),
        'u'          => array(),
        'ul'         => array( 'type' => true, ),
        'ol'         => array( 'start' => true, 'type' => true, 'reversed' => true, ),
        'var'        => array(),
        'video'      => array(
            'autoplay'    => true,
            'controls'    => true,
            'height'      => true,
            'loop'        => true,
            'muted'       => true,
            'playsinline' => true,
            'poster'      => true,
            'preload'     => true,
            'src'         => true,
            'width'       => true,
        ),
    );

    /**
     * A much smaller list than `$allowedposttags`: inline formatting, quotes
     * and links only.
     *
     * @var array[] $allowedtags Array of KSES allowed HTML elements.
     * @since 1.0.0
     */
    $allowedtags = array(
        'a'          => array( 'href' => true, 'title' => true, ),
        'abbr'       => array( 'title' => true, ),
        'acronym'    => array( 'title' => true, ),
        'b'          => array(),
        'blockquote' => array( 'cite' => true, ),
        'cite'       => array(),
        'code'       => array(),
        'del'        => array( 'datetime' => true, ),
        'em'         => array(),
        'i'          => array(),
        'q'          => array( 'cite' => true, ),
        's'          => array(),
        'strike'     => array(),
        'strong'     => array(),
    );

    /**
     * @var string[] $allowedentitynames Array of KSES allowed HTML entity names.
     * @since 1.0.0
     */
    $allowedentitynames = array(
        'nbsp', 'iexcl', 'cent', 'pound', 'curren', 'yen', 'brvbar', 'sect', 'uml', 'copy',
        'ordf', 'laquo', 'not', 'shy', 'reg', 'macr', 'deg', 'plusmn', 'acute', 'micro',
        'para', 'middot', 'cedil', 'ordm', 'raquo', 'iquest', 'Agrave', 'Aacute', 'Acirc', 'Atilde',
        'Auml', 'Aring', 'AElig', 'Ccedil', 'Egrave', 'Eacute', 'Ecirc', 'Euml', 'Igrave', 'Iacute',
        'Icirc', 'Iuml', 'ETH', 'Ntilde', 'Ograve', 'Oacute', 'Ocirc', 'Otilde', 'Ouml', 'times',
        'Oslash', 'Ugrave', 'Uacute', 'Ucirc', 'Uuml', 'Yacute', 'THORN', 'szlig', 'agrave', 'aacute',
        'acirc', 'atilde', 'auml', 'aring', 'aelig', 'ccedil', 'egrave', 'eacute', 'ecirc', 'euml',
        'igrave', 'iacute', 'icirc', 'iuml', 'eth', 'ntilde', 'ograve', 'oacute', 'ocirc', 'otilde',
        'ouml', 'divide', 'oslash', 'ugrave', 'uacute', 'ucirc', 'uuml', 'yacute', 'thorn', 'yuml',
        'quot', 'amp', 'lt', 'gt', 'apos', 'OElig', 'oelig', 'Scaron', 'scaron', 'Yuml',
        'circ', 'tilde', 'ensp', 'emsp', 'thinsp', 'zwnj', 'zwj', 'lrm', 'rlm', 'ndash',
        'mdash', 'lsquo', 'rsquo', 'sbquo', 'ldquo', 'rdquo', 'bdquo', 'dagger', 'Dagger', 'permil',
        'lsaquo', 'rsaquo', 'euro', 'fnof', 'Alpha', 'Beta', 'Gamma', 'Delta', 'Epsilon', 'Zeta',
        'Eta', 'Theta', 'Iota', 'Kappa', 'Lambda', 'Mu', 'Nu', 'Xi', 'Omicron', 'Pi',
        'Rho', 'Sigma', 'Tau', 'Upsilon', 'Phi', 'Chi', 'Psi', 'Omega', 'alpha', 'beta',
        'gamma', 'delta', 'epsilon', 'zeta', 'eta', 'theta', 'iota', 'kappa', 'lambda', 'mu',
        'nu', 'xi', 'omicron', 'pi', 'rho', 'sigmaf', 'sigma', 'tau', 'upsilon', 'phi',
        'chi', 'psi', 'omega', 'thetasym', 'upsih', 'piv', 'bull', 'hellip', 'prime', 'Prime',
        'oline', 'frasl', 'weierp', 'image', 'real', 'trade', 'alefsym', 'larr', 'uarr', 'rarr',
        'darr', 'harr', 'crarr', 'lArr', 'uArr', 'rArr', 'dArr', 'hArr', 'forall', 'part',
        'exist', 'empty', 'nabla', 'isin', 'notin', 'ni', 'prod', 'sum', 'minus', 'lowast',
        'radic', 'prop', 'infin', 'ang', 'and', 'or', 'cap', 'cup', 'int', 'sim',
        'cong', 'asymp', 'ne', 'equiv', 'le', 'ge', 'sub', 'sup', 'nsub', 'sube',
        'supe', 'oplus', 'otimes', 'perp', 'sdot', 'lceil', 'rceil', 'lfloor', 'rfloor', 'lang',
        'rang', 'loz', 'spades', 'clubs', 'hearts', 'diams', 'sup1', 'sup2', 'sup3', 'frac14',
        'frac12', 'frac34', 'there4',
    );

    /**
     * @var string[] $allowedxmlentitynames Array of KSES allowed XML entity names.
     * @since 5.5.0
     */
    $allowedxmlentitynames = array(
        'amp',
        'lt',
        'gt',
        'apos',
        'quot',
    );

    // Every element's attribute list is passed through _wp_add_global_attributes();
    // what that helper adds is defined elsewhere.
    $allowedposttags = array_map( '_wp_add_global_attributes', $allowedposttags );
} else {
    // Site-supplied allow-lists: nothing in this branch defines defaults, so the
    // effective filter is whatever the site put into these globals.
    $required_kses_globals = array(
        'allowedposttags',
        'allowedtags',
        'allowedentitynames',
        'allowedxmlentitynames',
    );
    $missing_kses_globals  = array();

    foreach ( $required_kses_globals as $global_name ) {
        if ( ! isset( $GLOBALS[ $global_name ] ) || ! is_array( $GLOBALS[ $global_name ] ) ) {
            // NOTE(review): the trailing `. ''` is a no-op as printed; presumably
            // markup around the name was lost from this listing. Verify against upstream.
            $missing_kses_globals[] = '$' . $global_name . '';
        }
    }

    // A missing or non-array global is only reported; execution continues below.
    if ( $missing_kses_globals ) {
        _doing_it_wrong(
            'wp_kses_allowed_html',
            sprintf(
                /* translators: 1: CUSTOM_TAGS, 2: Global variable names. */
                __( 'When using the %1$s constant, make sure to set these globals to an array: %2$s.' ),
                'CUSTOM_TAGS',
                implode( ', ', $missing_kses_globals )
            ),
            '6.2.0'
        );
    }

    // NOTE(review): these calls run even when a global was reported missing
    // above; what wp_kses_array_lc() returns for an unset value is not visible here.
    $allowedtags     = wp_kses_array_lc( $allowedtags );
    $allowedposttags = wp_kses_array_lc( $allowedposttags );
}

/**
 * Filters text content and strips out disallowed HTML.
 *
 * This function makes sure that only the allowed HTML element names, attribute
 * names, attribute values, and HTML entities will occur in the given text string.
 *
 * This function expects unslashed data.
 *
 * @see wp_kses_post() for specifically filtering post content and fields.
 * @see wp_allowed_protocols() for the default allowed protocols in link URLs.
 *
 * @since 1.0.0
 *
 * @param string         $content           Text content to filter.
 * @param array[]|string $allowed_html      An array of allowed HTML elements and attributes,
 *                                          or a context name such as 'post'. See wp_kses_allowed_html()
 *                                          for the list of accepted context names.
 * @param string[]       $allowed_protocols Optional.
Array of allowed URL protocols.
 *                                          Defaults to the result of wp_allowed_protocols().
 * @return string Filtered content containing only the allowed HTML.
 */
function wp_kses( $content, $allowed_html, $allowed_protocols = array() ) {
    // An empty list means "use the defaults", so passing an empty array cannot
    // be used to forbid every protocol.
    if ( empty( $allowed_protocols ) ) {
        $allowed_protocols = wp_allowed_protocols();
    }

    // The content goes through four helpers in this fixed order; the allow-list
    // and protocol list are only consulted by the last two.
    $content = wp_kses_no_null( $content, array( 'slash_zero' => 'keep' ) );
    $content = wp_kses_normalize_entities( $content );
    $content = wp_kses_hook( $content, $allowed_html, $allowed_protocols );

    return wp_kses_split( $content, $allowed_html, $allowed_protocols );
}

/**
 * Filters one HTML attribute and ensures its value is allowed.
 *
 * This function can escape data in some situations where `wp_kses()` must strip the whole attribute.
 *
 * The attribute is always checked against the 'post' allow-list and the default
 * protocol list; the caller cannot supply its own. An attribute whose value
 * opens with a quote that is not closed at the end is rejected with an empty string.
 *
 * @since 4.2.3
 *
 * @param string $attr    The 'whole' attribute, including name and value.
 * @param string $element The HTML element name to which the attribute belongs.
 * @return string Filtered attribute.
 */
function wp_kses_one_attr( $attr, $element ) {
    $uris              = wp_kses_uri_attributes();
    $allowed_html      = wp_kses_allowed_html( 'post' );
    $allowed_protocols = wp_allowed_protocols();
    $attr              = wp_kses_no_null( $attr, array( 'slash_zero' => 'keep' ) );

    // Preserve leading and trailing whitespace.
    $matches = array();
    preg_match( '/^\s*/', $attr, $matches );
    $lead = $matches[0];
    preg_match( '/\s*$/', $attr, $matches );
    $trail = $matches[0];

    // substr() with a length of -0 would return an empty string, hence the
    // separate branch when there is no trailing whitespace.
    if ( empty( $trail ) ) {
        $attr = substr( $attr, strlen( $lead ) );
    } else {
        $attr = substr( $attr, strlen( $lead ), -strlen( $trail ) );
    }

    // Parse attribute name and value from input.
    $split = preg_split( '/\s*=\s*/', $attr, 2 );
    $name  = $split[0];
    if ( count( $split ) === 2 ) {
        $value = $split[1];

        /*
         * Remove quotes surrounding $value.
         * Also guarantee correct quoting in $attr for this one attribute.
         */
        if ( '' === $value ) {
            $quote = '';
        } else {
            $quote = $value[0];
        }
        if ( '"' === $quote || "'" === $quote ) {
            // Opening quote without the same closing quote: drop the attribute.
            if ( ! str_ends_with( $value, $quote ) ) {
                return '';
            }
            $value = substr( $value, 1, -1 );
        } else {
            // Unquoted (or empty) values are re-emitted inside double quotes.
            $quote = '"';
        }

        // Sanitize quotes, angle braces, and entities.
        $value = esc_attr( $value );

        // Sanitize URI values.
        // The name is lower-cased for this lookup only; $attr keeps the original case.
        if ( in_array( strtolower( $name ), $uris, true ) ) {
            $value = wp_kses_bad_protocol( $value, $allowed_protocols );
        }

        $attr  = "$name=$quote$value$quote";
        $vless = 'n';
    } else {
        // No `=` present: treat as a valueless attribute.
        $value = '';
        $vless = 'y';
    }

    // Sanitize attribute by name.
    // NOTE(review): the return value is not used, so this call only has an effect
    // if wp_kses_attr_check() modifies $attr by reference; confirm against its definition.
    wp_kses_attr_check( $name, $value, $attr, $vless, $element, $allowed_html );

    // Restore whitespace.
    return $lead . $attr . $trail;
}

/**
 * Returns an array of allowed HTML tags and attributes for a given context.
 *
 * @since 3.5.0
 * @since 5.0.1 `form` removed as allowable HTML tag.
 *
 * @global array $allowedposttags
 * @global array $allowedtags
 * @global array $allowedentitynames
 *
 * @param string|array $context The context for which to retrieve tags. Allowed values are 'post',
 *                              'strip', 'data', 'entities', or the name of a field filter such as
 *                              'pre_user_description', or an array of allowed HTML elements and attributes.
 * @return array Array of allowed HTML tags and their allowed attributes.
 */
function wp_kses_allowed_html( $context = '' ) {
    global $allowedposttags, $allowedtags, $allowedentitynames;

    if ( is_array( $context ) ) {
        // When `$context` is an array it's actually an array of allowed HTML elements and attributes.
        $html    = $context;
        $context = 'explicit';

        /**
         * Filters the HTML tags that are allowed for a given context.
         *
         * HTML tags and attribute names are case-insensitive in HTML but must be
         * added to the KSES allow list in lowercase. An item added to the allow list
         * in upper or mixed case will not recognized as permitted by KSES.
         *
         * @since 3.5.0
         *
         * @param array[] $html    Allowed HTML tags.
         * @param string  $context Context name.
*/ return apply_filters( 'wp_kses_allowed_html', $html, $context ); } switch ( $context ) { case 'post': /** This filter is documented in wp-includes/kses.php */ $tags = apply_filters( 'wp_kses_allowed_html', $allowedposttags, $context ); // 5.0.1 removed the `
    ` tag, allow it if a filter is allowing it's sub-elements `` or `