$value ) { $parsed_value = is_array( $value ) ? implode( ' ', $value ) : $value; $output .= et_html_attr( $name, $parsed_value ); } return $output; } endif; if ( ! function_exists( 'et_sanitized_previously' ) ): /** * Semantical previously sanitized acknowledgement * * @deprecated {@see et_core_sanitized_previously()} * * @since 3.17.3 Deprecated * * @param mixed $value The value being passed-through * * @return mixed */ function et_sanitized_previously( $value ) { et_debug( "You're Doing It Wrong! Attempted to call " . __FUNCTION__ . "(), use et_core_sanitized_previously() instead." ); return $value; } endif; if ( ! function_exists( 'et_core_sanitized_previously' ) ): /** * Semantical previously sanitized acknowledgement * * @since 3.17.3 * * @param mixed $value The value being passed-through * * @return mixed */ function et_core_sanitized_previously( $value ) { return $value; } endif; if ( ! function_exists( 'et_core_esc_attr' ) ): /** * Escape attribute value * * @since 3.27.1? * * @param string $attr_key Element attribute key. * @param (string|array) $attr_value Element attribute value. * * @return (string|array|WP_Error) */ function et_core_esc_attr( $attr_key, $attr_value ) { // Skip validation for landscape image default value. $image_landscape = 'data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMTA4MCIgaGVpZ2h0PSI1NDAiIHZpZXdCb3g9IjAgMCAxMDgwIDU0MCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KICAgIDxnIGZpbGw9Im5vbmUiIGZpbGwtcnVsZT0iZXZlbm9kZCI+CiAgICAgICAgPHBhdGggZmlsbD0iI0VCRUJFQiIgZD0iTTAgMGgxMDgwdjU0MEgweiIvPgogICAgICAgIDxwYXRoIGQ9Ik00NDUuNjQ5IDU0MGgtOTguOTk1TDE0NC42NDkgMzM3Ljk5NSAwIDQ4Mi42NDR2LTk4Ljk5NWwxMTYuMzY1LTExNi4zNjVjMTUuNjItMTUuNjIgNDAuOTQ3LTE1LjYyIDU2LjU2OCAwTDQ0NS42NSA1NDB6IiBmaWxsLW9wYWNpdHk9Ii4xIiBmaWxsPSIjMDAwIiBmaWxsLXJ1bGU9Im5vbnplcm8iLz4KICAgICAgICA8Y2lyY2xlIGZpbGwtb3BhY2l0eT0iLjA1IiBmaWxsPSIjMDAwIiBjeD0iMzMxIiBjeT0iMTQ4IiByPSI3MCIvPgogICAgICAgIDxwYXRoIGQ9Ik0xMDgwIDM3OXYxMTMuMTM3TDcyOC4xNjIgMTQwLjMgMzI4LjQ2MiA1NDBIMjE1LjMyNEw2OTkuODc4IDU1LjQ0NmMxNS42Mi0xNS42MiA0MC45NDgtMTUuNjIgNTYuNTY4IDBMMTA4MCAzNzl6IiBmaWxsLW9wYWNpdHk9Ii4yIiBmaWxsPSIjMDAwIiBmaWxsLXJ1bGU9Im5vbnplcm8iLz4KICAgIDwvZz4KPC9zdmc+Cg=='; if ( $attr_value === $image_landscape ) { return $attr_value; } // Skip validation for portrait image default value. $image_portrait = 'data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iNTAwIiBoZWlnaHQ9IjUwMCIgdmlld0JveD0iMCAwIDUwMCA1MDAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CiAgICA8ZyBmaWxsPSJub25lIiBmaWxsLXJ1bGU9ImV2ZW5vZGQiPgogICAgICAgIDxwYXRoIGZpbGw9IiNFQkVCRUIiIGQ9Ik0wIDBoNTAwdjUwMEgweiIvPgogICAgICAgIDxyZWN0IGZpbGwtb3BhY2l0eT0iLjEiIGZpbGw9IiMwMDAiIHg9IjY4IiB5PSIzMDUiIHdpZHRoPSIzNjQiIGhlaWdodD0iNTY4IiByeD0iMTgyIi8+CiAgICAgICAgPGNpcmNsZSBmaWxsLW9wYWNpdHk9Ii4xIiBmaWxsPSIjMDAwIiBjeD0iMjQ5IiBjeT0iMTcyIiByPSIxMDAiLz4KICAgIDwvZz4KPC9zdmc+Cg=='; if ( $attr_value === $image_portrait ) { return $attr_value; } $attr_key = strtolower( $attr_key ); $allowed_attrs_default = array( // Filter style. // @see https://developer.wordpress.org/reference/functions/safecss_filter_attr/ 'style' => 'safecss_filter_attr', // We just pick some of the HTML attributes considered safe to use. 'data-*' => 'esc_attr', 'align' => 'esc_attr', 'alt' => 'esc_attr', 'autofocus' => 'esc_attr', 'autoplay' => 'esc_attr', 'class' => 'esc_attr', 'cols' => 'esc_attr', 'controls' => 'esc_attr', 'disabled' => 'esc_attr', 'height' => 'esc_attr', 'id' => 'esc_attr', 'max' => 'esc_attr', 'min' => 'esc_attr', 'multiple' => 'esc_attr', 'name' => 'esc_attr', 'placeholder' => 'esc_attr', 'required' => 'esc_attr', 'rows' => 'esc_attr', 'size' => 'esc_attr', 'sizes' => 'esc_attr', 'srcset' => 'esc_attr', 'step' => 'esc_attr', 'tabindex' => 'esc_attr', 'target' => 'esc_attr', 'title' => 'esc_attr', 'type' => 'esc_attr', 'value' => 'esc_attr', 'width' => 'esc_attr', // We just pick some of the HTML attributes containing a URL. // @see https://developer.wordpress.org/reference/functions/wp_kses_uri_attributes/ 'action' => 'esc_url', 'background' => 'esc_url', 'formaction' => 'esc_url', 'href' => 'esc_url', 'icon' => 'esc_url', 'poster' => 'esc_url', 'src' => 'esc_url', 'usemap' => 'esc_url', ); /** * Filters allowed attributes * * @since 3.27.1? * * @param array $allowed_attrs_default Key/value paired array, the key used as the attribute identifier, * the value used as the callback to escape the value. * @param string $attr_key Element attribute key. * @param (string|array) $attr_value Element attribute value. * * @return array */ $allowed_attrs = apply_filters( 'et_core_esc_attr', $allowed_attrs_default, $attr_key, $attr_value ); // Get attribute key callback. $callback = isset( $allowed_attrs[ $attr_key ] ) && 'data-*' !== $attr_key ? $allowed_attrs[ $attr_key ] : false; // Get data attribute key callback. if ( ! $callback && 'data-*' !== $attr_key && 0 === strpos( $attr_key, 'data-' ) && isset( $allowed_attrs['data-*'] ) ) { $callback = $allowed_attrs['data-*']; } if ( ! $callback || ! is_callable( $callback ) ) { return new WP_Error( 'invalid_attr_key', __( 'Invalid attribute key', 'et_builder' ) ); } if ( is_array( $attr_value ) ) { return array_map( $callback, $attr_value ); } // @phpcs:ignore Generic.PHP.ForbiddenFunctions.Found return call_user_func( $callback, $attr_value ); } endif; if ( ! function_exists( 'et_core_sanitize_element_tag' ) ): /** * Sanitize element tag * * @since 3.27.1? * * @param string $tag Element tag. * * @return (string|WP_Error) */ function et_core_sanitize_element_tag( $tag ) { $tag = strtolower( $tag ); $headings = array( 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', ); // Bail early for heading tags. if ( in_array( $tag, $headings, true ) ) { return $tag; } $tag = preg_replace( '/[^a-z]/', '', $tag ); $disallowed_tags = array( 'applet', 'body', 'canvas', 'command', 'content', 'element', 'embed', 'frame', 'frameset', 'head', 'html', 'iframe', 'noembed', 'noframes', 'noscript', 'object', 'param', 'script', 'shadow', 'slot', 'style', 'template', 'title', 'xml', ); if ( empty( $tag ) || in_array( $tag, $disallowed_tags, true ) ) { return new WP_Error( 'invalid_element_tag', __( 'Invalid tag element', 'et_builder' ) ); } return $tag; } endif; /** * Pass thru semantical previously escaped acknowledgement * * @since 3.17.3 * * @param string value being passed through * @return string */ if ( ! function_exists( 'et_core_esc_previously' ) ) : function et_core_esc_previously( $passthru ) { return $passthru; } endif; /** * Pass thru function used to pacfify phpcs sniff. * Used when the nonce is checked elsewhere. * * @since 3.17.3 * * @return void */ if ( ! function_exists( 'et_core_nonce_verified_previously' ) ) : function et_core_nonce_verified_previously() { // :) } endif; /** * Pass thru semantical escaped by WordPress core acknowledgement * * @since 3.17.3 * * @param string value being passed through * @return string */ if ( ! function_exists( 'et_core_esc_wp' ) ) : function et_core_esc_wp( $passthru ) { return $passthru; } endif; /** * Pass thru semantical intentionally unescaped acknowledgement * * @since 3.17.3 * * @param string value being passed through * @param string excuse the value is allowed to be unescaped * @return string */ if ( ! function_exists( 'et_core_intentionally_unescaped' ) ) : function et_core_intentionally_unescaped( $passthru, $excuse ) { // Add valid excuses as they arise $valid_excuses = array( 'cap_based_sanitized', 'fixed_string', 'react_jsx', 'html', 'underscore_template', ); if ( ! in_array( $excuse, $valid_excuses ) ) { _doing_it_wrong( __FUNCTION__, esc_html__( 'This is not a valid excuse to not escape the passed value.', 'et_core' ), esc_html( et_get_theme_version() ) ); } return $passthru; } endif; /** * Sanitize value depending on user capability * * @since 3.17.3 * * @return string value being passed through */ if ( ! function_exists( 'et_core_sanitize_value_by_cap' ) ) : function et_core_sanitize_value_by_cap( $passthru, $sanitize_function = 'et_sanitize_html_input_text', $cap = 'unfiltered_html' ) { if ( ! current_user_can( $cap ) ) { $passthru = $sanitize_function( $passthru ); } return $passthru; } endif; /** * Pass thru semantical intentionally unsanitized acknowledgement * * @since 3.17.3 * * @param string value being passed through * @param string excuse the value is allowed to be unsanitized * @return string */ if ( ! function_exists( 'et_core_intentionally_unsanitized' ) ) : function et_core_intentionally_unsanitized( $passthru, $excuse ) { // Add valid excuses as they arise $valid_excuses = array(); if ( ! in_array( $excuse, $valid_excuses ) ) { _doing_it_wrong( __FUNCTION__, esc_html__( 'This is not a valid excuse to not sanitize the passed value.', 'et_core' ), esc_html( et_get_theme_version() ) ); } return $passthru; } endif; /** * Fixes unclosed HTML tags * * @since 3.18.4 * * @param string $content source HTML * * @return string */ if ( ! function_exists( 'et_core_fix_unclosed_html_tags' ) ): function et_core_fix_unclosed_html_tags( $content ) { // Exit if source has no HTML tags or we miss what we need to fix them anyway. if ( false === strpos( $content, '<' ) || ! class_exists( 'DOMDocument' ) ) { return $content; } $scripts = false; if ( false !== strpos( $content, '[\s\S]+?|', array( $scripts, 'replace' ), $content ); } $doc = new DOMDocument(); @$doc->loadHTML( sprintf( '%s%s', // Use WP charset sprintf( '', get_bloginfo( 'charset' ) ), $content ) ); if ( preg_match( '|([\s\S]+)|', $doc->saveHTML(), $matches ) ) { // Extract the fixed content. $content = $matches[1]; } if ( $scripts ) { // Replace placeholders with scripts. $content = strtr( $content, $scripts->map() ); } return $content; } endif; /** * Converts string to UTF-8 if mb_convert_encoding function exists * * @since 3.19.17 * * @param string $string source string * * @return string */ if ( ! function_exists( 'et_core_maybe_convert_to_utf_8' ) ): function et_core_maybe_convert_to_utf_8( $string ) { if ( function_exists( 'mb_convert_encoding' ) ) { return mb_convert_encoding( $string, 'UTF-8' ); } return $string; } endif;