is_client_error
is_error
is_info
is_redirect
is_server_error
is_success
kses_init
kses_init_filters
kses_remove_filters
parse_w3cdtf
safecss_filter_attr
valid_unicode
wp_filter_kses
wp_filter_nohtml_kses
wp_filter_post_kses
wp_kses
wp_kses_allowed_html
wp_kses_array_lc
wp_kses_attr
wp_kses_attr_check
wp_kses_attr_parse
wp_kses_bad_protocol
wp_kses_bad_protocol_once
wp_kses_check_attr_val
wp_kses_data
wp_kses_decode_entities
wp_kses_hair
wp_kses_hair_parse
wp_kses_hook
wp_kses_html_error
wp_kses_named_entities
wp_kses_no_null
wp_kses_normalize_entities
wp_kses_one_attr
wp_kses_post
wp_kses_post_deep
wp_kses_split
wp_kses_stripslashes
wp_kses_uri_attributes
wp_kses_version
wp_kses_xml_named_entities
ATOM
CUSTOM_TAGS
MAGPIE_CACHE_AGE
MAGPIE_CACHE_DIR
MAGPIE_CACHE_FRESH_ONLY
MAGPIE_CACHE_ON
MAGPIE_DEBUG
MAGPIE_FETCH_TIME_OUT
MAGPIE_INITALIZED
MAGPIE_USER_AGENT
MAGPIE_USE_GZIP
RSS
kses_init()
First removes all of the KSES filters in case the current user does not need
to have KSES filter the content. If the user does not have unfiltered_html
capability, then KSES filters are added.
| package | External |
|---|---|
| since | 2.0.0 |
kses_init_filters()
All hooks have default priority. The wp_filter_kses() function is added to
the 'pre_comment_content' and 'title_save_pre' hooks.
The wp_filter_post_kses() function is added to the 'content_save_pre',
'excerpt_save_pre', and 'content_filtered_save_pre' hooks.
| package | External |
|---|---|
| since | 2.0.0 |
kses_remove_filters()
A quick procedural method to removing all of the filters that KSES uses for content in WordPress Loop.
Does not remove the kses_init() function from \'init' hook (priority is
default). Also does not remove kses_init() function from \'set_current_user'
hook (priority is also default).
| package | External |
|---|---|
| since | 2.0.6 |
safecss_filter_attr(string $css, string $deprecated = '') : string
| package | External |
|---|---|
| since | 2.8.1 |
stringA string of CSS rules.
stringNot used.
stringFiltered string of CSS rules.valid_unicode(integer $i) : boolean
| package | External |
|---|---|
| since | 2.7.0 |
integerUnicode codepoint.
booleanWhether or not the codepoint is a valid Unicode codepoint.wp_filter_kses(string $data) : string
This function expects slashed data.
| package | External |
|---|---|
| since | 1.0.0 |
stringContent to filter, expected to be escaped with slashes.
stringFiltered content.wp_filter_nohtml_kses(string $data) : string
This function expects slashed data.
| package | External |
|---|---|
| since | 2.1.0 |
stringContent to strip all HTML from.
stringFiltered content without any HTML.wp_filter_post_kses(string $data) : string
Post content refers to the page contents of the 'post' type and not $_POST
data from forms.
This function expects slashed data.
| package | External |
|---|---|
| since | 2.0.0 |
stringPost content to filter, expected to be escaped with slashes.
stringFiltered post content with allowed HTML tags and attributes intact.wp_kses(string $string, array<mixed,array>|string $allowed_html, array<mixed,string> $allowed_protocols = array()) : string
This function makes sure that only the allowed HTML element names, attribute names, attribute values, and HTML entities will occur in the given text string.
This function expects unslashed data.
| package | External |
|---|---|
| see | for specifically filtering post content and fields. |
| see | for the default allowed protocols in link URLs. |
| since | 1.0.0 |
stringText content to filter.
array<mixed,array>stringAn array of allowed HTML elements and attributes, or a context name such as 'post'. See wp_kses_allowed_html() for the list of accepted context names.
array<mixed,string>Array of allowed URL protocols.
stringFiltered content containing only the allowed HTML.wp_kses_allowed_html(string|array $context = '') : array
| package | External |
|---|---|
| since | 3.5.0 |
| since | 5.0.1 `form` removed as allowable HTML tag. |
| global | array $allowedposttags |
| global | array $allowedtags |
| global | array $allowedentitynames |
stringarrayThe context for which to retrieve tags. Allowed values are 'post', 'strip', 'data', 'entities', or the name of a field filter such as 'pre_user_description'.
arrayArray of allowed HTML tags and their allowed attributes.wp_kses_array_lc(array $inarray) : array
| package | External |
|---|---|
| since | 1.0.0 |
arrayUnfiltered array.
arrayFixed array with all lowercase keys.wp_kses_attr(string $element, string $attr, array<mixed,array>|string $allowed_html, array<mixed,string> $allowed_protocols) : string
If some are allowed it calls wp_kses_hair() to split them further, and then
it builds up new HTML code from the data that kses_hair() returns. It also
removes < and > characters, if there are any left. One more thing it does
is to check if the tag has a closing XHTML slash, and if it does, it puts one
in the returned code as well.
| package | External |
|---|---|
| since | 1.0.0 |
stringHTML element/tag.
stringHTML attributes from HTML element to closing HTML element tag.
array<mixed,array>stringAn array of allowed HTML elements and attributes, or a context name such as 'post'. See wp_kses_allowed_html() for the list of accepted context names.
array<mixed,string>Array of allowed URL protocols.
stringSanitized HTML element.wp_kses_attr_check(string $name, string $value, string $whole, string $vless, string $element, array $allowed_html) : boolean
| package | External |
|---|---|
| since | 4.2.3 |
| since | 5.0.0 Add support for `data-*` wildcard attributes. |
stringThe attribute name. Passed by reference. Returns empty string when not allowed.
stringThe attribute value. Passed by reference. Returns a filtered value.
stringThe name=value input. Passed by reference. Returns filtered input.
stringWhether the attribute is valueless. Use 'y' or 'n'.
stringThe name of the element to which this attribute belongs.
arrayThe full list of allowed elements and attributes.
booleanWhether or not the attribute is allowed.wp_kses_attr_parse(string $element) : array | boolean
Does not modify input. May return "evil" output.
Based on wp_kses_split2() and wp_kses_attr().
| package | External |
|---|---|
| since | 4.2.3 |
stringHTML element.
arraybooleanList of attributes found in the element. Returns false on failure.wp_kses_bad_protocol(string $string, array<mixed,string> $allowed_protocols) : string
This function removes all non-allowed protocols from the beginning of the
string. It ignores whitespace and the case of the letters, and it does
understand HTML entities. It does its work recursively, so it won't be
fooled by a string like javascript:javascript:alert(57).
| package | External |
|---|---|
| since | 1.0.0 |
stringContent to filter bad protocols from.
array<mixed,string>Array of allowed URL protocols.
stringFiltered content.wp_kses_bad_protocol_once(string $string, array<mixed,string> $allowed_protocols, integer $count = 1) : string
This function searches for URL protocols at the beginning of the string, while handling whitespace and HTML entities.
| package | External |
|---|---|
| since | 1.0.0 |
stringContent to check for bad protocols.
array<mixed,string>Array of allowed URL protocols.
integerDepth of call recursion to this function.
stringSanitized content.wp_kses_check_attr_val(string $value, string $vless, string $checkname, mixed $checkvalue) : boolean
The currently implemented checks are "maxlen", "minlen", "maxval", "minval", and "valueless".
| package | External |
|---|---|
| since | 1.0.0 |
stringAttribute value.
stringWhether the attribute is valueless. Use 'y' or 'n'.
stringWhat $checkvalue is checking for.
mixedWhat constraint the value should pass.
booleanWhether check passes.wp_kses_data(string $data) : string
This function expects unslashed data.
| package | External |
|---|---|
| since | 2.9.0 |
stringContent to filter, expected to not be escaped.
stringFiltered content.wp_kses_decode_entities(string $string) : string
This function decodes numeric HTML entities (A and A).
It doesn't do anything with named entities like ä, but we don't
need them in the allowed URL protocols system anyway.
| package | External |
|---|---|
| since | 1.0.0 |
stringContent to change entities.
stringContent after decoded entities.wp_kses_hair(string $attr, array<mixed,string> $allowed_protocols) : array<mixed,array>
This function does a lot of work. It parses an attribute list into an array
with attribute data, and tries to do the right thing even if it gets weird
input. It will add quotes around attribute values that don't have any quotes
or apostrophes around them, to make it easier to produce HTML code that will
conform to W3C's HTML specification. It will also remove bad URL protocols
from attribute values. It also reduces duplicate attributes by using the
attribute defined first (foo='bar' foo='baz' will result in foo='bar').
| package | External |
|---|---|
| since | 1.0.0 |
stringAttribute list from HTML element to closing HTML element tag.
array<mixed,string>Array of allowed URL protocols.
array<mixed,array>Array of attribute information after parsing.wp_kses_hair_parse(string $attr) : array | boolean
Does not modify input. May return "evil" output. In case of unexpected input, returns false instead of stripping things.
Based on wp_kses_hair() but does not return a multi-dimensional array.
| package | External |
|---|---|
| since | 4.2.3 |
stringAttribute list from HTML element to closing HTML element tag.
arraybooleanList of attributes found in $attr. Returns false on failure.wp_kses_hook(string $string, array<mixed,array>|string $allowed_html, array<mixed,string> $allowed_protocols) : string
There is currently only one KSES WordPress hook, \'pre_kses', and it is called here. All parameters are passed to the hooks and expected to receive a string.
| package | External |
|---|---|
| since | 1.0.0 |
stringContent to filter through KSES.
array<mixed,array>stringAn array of allowed HTML elements and attributes, or a context name such as 'post'. See wp_kses_allowed_html() for the list of accepted context names.
array<mixed,string>Array of allowed URL protocols.
stringFiltered content through {@see 'pre_kses'} hook.wp_kses_html_error(string $string) : string
The general plan is to remove everything to and including some whitespace, but it deals with quotes and apostrophes as well.
| package | External |
|---|---|
| since | 1.0.0 |
string
stringwp_kses_named_entities(array $matches) : string
This function only accepts valid named entity references, which are finite, case-sensitive, and highly scrutinized by HTML and XML validators.
| package | External |
|---|---|
| since | 3.0.0 |
| global | array $allowedentitynames |
arraypreg_replace_callback() matches array.
stringCorrectly encoded entity.wp_kses_no_null(string $string, array $options = null) : string
Also removes any instance of the \0 string.
| package | External |
|---|---|
| since | 1.0.0 |
stringContent to filter null characters from.
arraySet 'slash_zero' => 'keep' when '\0' is allowed. Default is 'remove'.
stringFiltered content.wp_kses_normalize_entities(string $string, string $context = 'html') : string
This function normalizes HTML entities. It will convert AT&T to the correct
AT&T, : to :, &#XYZZY; to &#XYZZY; and so on.
When $context is set to 'xml', HTML entities are converted to their code points. For
example, AT&T…&#XYZZY; is converted to AT&T…&#XYZZY;.
| package | External |
|---|---|
| since | 1.0.0 |
| since | 5.5.0 Added `$context` parameter. |
stringContent to normalize entities.
stringContext for normalization. Can be either 'html' or 'xml'. Default 'html'.
stringContent with normalized entities.wp_kses_one_attr(string $string, string $element) : string
This function can escape data in some situations where wp_kses() must strip the whole attribute.
| package | External |
|---|---|
| since | 4.2.3 |
stringThe 'whole' attribute, including name and value.
stringThe HTML element name to which the attribute belongs.
stringFiltered attribute.wp_kses_post(string $data) : string
Post content refers to the page contents of the 'post' type and not $_POST
data from forms.
This function expects unslashed data.
| package | External |
|---|---|
| since | 2.9.0 |
stringPost content to filter.
stringFiltered post content with allowed HTML tags and attributes intact.wp_kses_post_deep(mixed $data) : mixed
| package | External |
|---|---|
| since | 4.4.2 |
| see |
mixedThe array, object, or scalar value to inspect.
mixedThe filtered content.wp_kses_split(string $string, array<mixed,array>|string $allowed_html, array<mixed,string> $allowed_protocols) : string
It also matches stray > characters.
| package | External |
|---|---|
| since | 1.0.0 |
| global | array[]|string $pass_allowed_html An array of allowed HTML elements and attributes, or a context name such as 'post'. |
| global | string[] $pass_allowed_protocols Array of allowed URL protocols. |
stringContent to filter.
array<mixed,array>stringAn array of allowed HTML elements and attributes, or a context name such as 'post'. See wp_kses_allowed_html() for the list of accepted context names.
array<mixed,string>Array of allowed URL protocols.
stringContent with fixed HTML tagswp_kses_stripslashes(string $string) : string
This function changes the character sequence \" to just ". It leaves all other
slashes alone. The quoting from preg_replace(//e) requires this.
| package | External |
|---|---|
| since | 1.0.0 |
stringString to strip slashes from.
stringFixed string with quoted slashes.wp_kses_uri_attributes() : array<mixed,string>
This function returns a list of all HTML attributes that must contain a URL according to the HTML specification.
This list includes URI attributes both allowed and disallowed by KSES.
| package | External |
|---|---|
| link | https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes |
| since | 5.0.1 |
array<mixed,string>HTML attribute names whose value contains a URL.wp_kses_version() : string
wp_kses_xml_named_entities(array $matches) : string
This function only accepts valid named entity references, which are finite, case-sensitive, and highly scrutinized by XML validators. HTML named entity references are converted to their code points.
| package | External |
|---|---|
| since | 5.5.0 |
| global | array $allowedentitynames |
| global | array $allowedxmlnamedentities |
arraypreg_replace_callback() matches array.
stringCorrectly encoded entity._fetch_remote_file(string $url, array $headers = "") : \Snoopy
_response_to_rss(array $resp) : \MagpieRSS | boolean
fetch_rss(string $url) : boolean | \MagpieRSS
get_rss(string $url, integer $num_items = 5) : boolean
You have to specify which HTML list you want, either ordered or unordered before using the function. You also have to specify how many items you wish to display. You can't display all of them like you can with wp_rss() function.
| package | External |
|---|---|
| package | External |
| since | 1.5.0 |
| subpackage | MagpieRSS |
stringURL of feed to display. Will not auto sense feed URL.
integerOptional. Number of items to display, default is all.
booleanFalse on failure.init()
wp_rss(string $url, integer $num_items = -1)