diff -r c7c34916027a -r 177826044cd9 wp/wp-includes/shortcodes.php --- a/wp/wp-includes/shortcodes.php Mon Oct 14 18:06:33 2019 +0200 +++ b/wp/wp-includes/shortcodes.php Mon Oct 14 18:28:13 2019 +0200 @@ -88,10 +88,10 @@ * * @param string $tag Shortcode tag to remove hook for. */ -function remove_shortcode($tag) { +function remove_shortcode( $tag ) { global $shortcode_tags; - unset($shortcode_tags[$tag]); + unset( $shortcode_tags[ $tag ] ); } /** @@ -144,8 +144,9 @@ if ( shortcode_exists( $tag ) ) { preg_match_all( '/' . get_shortcode_regex() . '/', $content, $matches, PREG_SET_ORDER ); - if ( empty( $matches ) ) + if ( empty( $matches ) ) { return false; + } foreach ( $matches as $shortcode ) { if ( $tag === $shortcode[2] ) { @@ -180,8 +181,9 @@ return $content; } - if (empty($shortcode_tags) || !is_array($shortcode_tags)) + if ( empty( $shortcode_tags ) || ! is_array( $shortcode_tags ) ) { return $content; + } // Find all registered tag names in $content. preg_match_all( '@\[([^<>&/\[\]\x00-\x20=]++)@', $content, $matches ); @@ -231,12 +233,14 @@ if ( empty( $tagnames ) ) { $tagnames = array_keys( $shortcode_tags ); } - $tagregexp = join( '|', array_map('preg_quote', $tagnames) ); + $tagregexp = join( '|', array_map( 'preg_quote', $tagnames ) ); // WARNING! Do not change this regex without changing do_shortcode_tag() and strip_shortcode_tag() // Also, see shortcode_unautop() and shortcode.js. + + // phpcs:disable Squiz.Strings.ConcatenationSpacing.PaddingFound -- don't remove regex indentation return - '\\[' // Opening bracket + '\\[' // Opening bracket . '(\\[?)' // 1: Optional second opening bracket for escaping shortcodes: [[tag]] . "($tagregexp)" // 2: Shortcode name . '(?![\\w-])' // Not followed by word character or hyphen @@ -264,10 +268,12 @@ . ')?' . ')' . '(\\]?)'; // 6: Optional second closing brocket for escaping shortcodes: [[tag]] + // phpcs:enable } /** * Regular Expression callable for do_shortcode() for calling shortcode hook. + * * @see get_shortcode_regex for details of the match array contents. * * @since 2.5.0 @@ -283,10 +289,10 @@ // allow [[foo]] syntax for escaping a tag if ( $m[1] == '[' && $m[6] == ']' ) { - return substr($m[0], 1, -1); + return substr( $m[0], 1, -1 ); } - $tag = $m[2]; + $tag = $m[2]; $attr = shortcode_parse_atts( $m[3] ); if ( ! is_callable( $shortcode_tags[ $tag ] ) ) { @@ -348,9 +354,15 @@ */ function do_shortcodes_in_html_tags( $content, $ignore_html, $tagnames ) { // Normalize entities in unfiltered HTML before adding placeholders. - $trans = array( '[' => '[', ']' => ']' ); + $trans = array( + '[' => '[', + ']' => ']', + ); $content = strtr( $content, $trans ); - $trans = array( '[' => '[', ']' => ']' ); + $trans = array( + '[' => '[', + ']' => ']', + ); $pattern = get_shortcode_regex( $tagnames ); $textarr = wp_html_split( $content ); @@ -360,7 +372,7 @@ continue; } - $noopen = false === strpos( $element, '[' ); + $noopen = false === strpos( $element, '[' ); $noclose = false === strpos( $element, ']' ); if ( $noopen || $noclose ) { // This element does not contain shortcodes. @@ -390,15 +402,15 @@ } // Get element name - $front = array_shift( $attributes ); - $back = array_pop( $attributes ); + $front = array_shift( $attributes ); + $back = array_pop( $attributes ); $matches = array(); - preg_match('%[a-zA-Z0-9]+%', $front, $matches); + preg_match( '%[a-zA-Z0-9]+%', $front, $matches ); $elname = $matches[0]; // Look for shortcodes in each attribute separately. foreach ( $attributes as &$attr ) { - $open = strpos( $attr, '[' ); + $open = strpos( $attr, '[' ); $close = strpos( $attr, ']' ); if ( false === $open || false === $close ) { continue; // Go to next attribute. Square braces will be escaped at end of loop. @@ -414,7 +426,7 @@ } else { // $attr like 'name = "[shortcode]"' or "name = '[shortcode]'" // We do not know if $content was unfiltered. Assume KSES ran before shortcodes. - $count = 0; + $count = 0; $new_attr = preg_replace_callback( "/$pattern/", 'do_shortcode_tag', $attr, -1, $count ); if ( $count > 0 ) { // Sanitize the shortcode output using KSES. @@ -446,11 +458,15 @@ * @return string Content with placeholders removed. */ function unescape_invalid_shortcodes( $content ) { - // Clean up entire string, avoids re-parsing HTML. - $trans = array( '[' => '[', ']' => ']' ); - $content = strtr( $content, $trans ); + // Clean up entire string, avoids re-parsing HTML. + $trans = array( + '[' => '[', + ']' => ']', + ); - return $content; + $content = strtr( $content, $trans ); + + return $content; } /** @@ -479,28 +495,29 @@ * Returns empty string if trim( $text ) == ''. * All other matches are checked for not empty(). */ -function shortcode_parse_atts($text) { - $atts = array(); +function shortcode_parse_atts( $text ) { + $atts = array(); $pattern = get_shortcode_atts_regex(); - $text = preg_replace("/[\x{00a0}\x{200b}]+/u", " ", $text); - if ( preg_match_all($pattern, $text, $match, PREG_SET_ORDER) ) { - foreach ($match as $m) { - if (!empty($m[1])) - $atts[strtolower($m[1])] = stripcslashes($m[2]); - elseif (!empty($m[3])) - $atts[strtolower($m[3])] = stripcslashes($m[4]); - elseif (!empty($m[5])) - $atts[strtolower($m[5])] = stripcslashes($m[6]); - elseif (isset($m[7]) && strlen($m[7])) - $atts[] = stripcslashes($m[7]); - elseif (isset($m[8]) && strlen($m[8])) - $atts[] = stripcslashes($m[8]); - elseif (isset($m[9])) - $atts[] = stripcslashes($m[9]); + $text = preg_replace( "/[\x{00a0}\x{200b}]+/u", ' ', $text ); + if ( preg_match_all( $pattern, $text, $match, PREG_SET_ORDER ) ) { + foreach ( $match as $m ) { + if ( ! empty( $m[1] ) ) { + $atts[ strtolower( $m[1] ) ] = stripcslashes( $m[2] ); + } elseif ( ! empty( $m[3] ) ) { + $atts[ strtolower( $m[3] ) ] = stripcslashes( $m[4] ); + } elseif ( ! empty( $m[5] ) ) { + $atts[ strtolower( $m[5] ) ] = stripcslashes( $m[6] ); + } elseif ( isset( $m[7] ) && strlen( $m[7] ) ) { + $atts[] = stripcslashes( $m[7] ); + } elseif ( isset( $m[8] ) && strlen( $m[8] ) ) { + $atts[] = stripcslashes( $m[8] ); + } elseif ( isset( $m[9] ) ) { + $atts[] = stripcslashes( $m[9] ); + } } // Reject any unclosed HTML elements - foreach( $atts as &$value ) { + foreach ( $atts as &$value ) { if ( false !== strpos( $value, '<' ) ) { if ( 1 !== preg_match( '/^[^<]*+(?:<[^>]*+>[^<]*+)*+$/', $value ) ) { $value = ''; @@ -508,7 +525,7 @@ } } } else { - $atts = ltrim($text); + $atts = ltrim( $text ); } return $atts; } @@ -531,13 +548,14 @@ * @return array Combined and filtered attribute list. */ function shortcode_atts( $pairs, $atts, $shortcode = '' ) { - $atts = (array)$atts; - $out = array(); - foreach ($pairs as $name => $default) { - if ( array_key_exists($name, $atts) ) - $out[$name] = $atts[$name]; - else - $out[$name] = $default; + $atts = (array) $atts; + $out = array(); + foreach ( $pairs as $name => $default ) { + if ( array_key_exists( $name, $atts ) ) { + $out[ $name ] = $atts[ $name ]; + } else { + $out[ $name ] = $default; + } } /** * Filters a shortcode's default attributes. @@ -577,8 +595,9 @@ return $content; } - if (empty($shortcode_tags) || !is_array($shortcode_tags)) + if ( empty( $shortcode_tags ) || ! is_array( $shortcode_tags ) ) { return $content; + } // Find all registered tag names in $content. preg_match_all( '@\[([^<>&/\[\]\x00-\x20=]++)@', $content, $matches ); @@ -590,8 +609,8 @@ * * @since 4.7.0 * - * @param array $tag_array Array of shortcode tags to remove. - * @param string $content Content shortcodes are being removed from. + * @param array $tags_to_remove Array of shortcode tags to remove. + * @param string $content Content shortcodes are being removed from. */ $tags_to_remove = apply_filters( 'strip_shortcodes_tagnames', $tags_to_remove, $content ); @@ -623,7 +642,7 @@ function strip_shortcode_tag( $m ) { // allow [[foo]] syntax for escaping a tag if ( $m[1] == '[' && $m[6] == ']' ) { - return substr($m[0], 1, -1); + return substr( $m[0], 1, -1 ); } return $m[1] . $m[6];