@tomjn
Last active April 17, 2018 19:45
Revisions

  1. tomjn revised this gist Apr 17, 2018. 1 changed file with 5 additions and 1 deletion.
    6 changes: 5 additions & 1 deletion readme.txt
    Original file line number Diff line number Diff line change
    @@ -1,6 +1,6 @@
    === Escaping Checker ===
    Contributors: tjnowell
    Donate link: http://example.com/
    Donate link: https://tomjn.com/
    Tags: security
    Requires at least: 4.3
    Tested up to: 4.95
    @@ -34,6 +34,10 @@ Yes! But not every function listed here is an escaping function, there are valid

    == Changelog ==

    = 1.1 =
    * Put a green or yellow border around output depending on wether it matches the original input
    * Bumped tested WP version to 4.9.5

    = 1.0 =
    * Added `behave.js` to make typing content easier
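Review bot: typo in the 1.1 changelog entry, "wether" should be "whether". The same entry says the plugin was tested against WP 4.9.5, while the `Tested up to:` header in this file reads `4.95`; the two should agree.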

  2. tomjn revised this gist Apr 17, 2018. 1 changed file with 3 additions and 3 deletions.
    6 changes: 3 additions & 3 deletions tomjn_escaping.php
    @@ -88,10 +88,10 @@ function tomjn_escaping_tests(){
    min-height: 200px;
    }
    .tomjn_escape_same {
    border:1px solid rgb(163, 190, 140);
    outline: 2px solid rgb(163, 190, 140);
    }
    .tomjn_escape_different {
    border:1px solid rgb(235, 203, 139);
    outline: 2px solid rgb(235, 203, 139);
    }
    </style>
    <script>
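Review bot: the `.tomjn_escape_same` and `.tomjn_escape_different` rules differ only by colour (green versus yellow outline), so the same/different verdict is lost in monochrome and for colour-blind readers; consider also printing the verdict as text beside each `<dt>`. Swapping `border` for `outline` is fine, since an outline does not affect layout.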
    @@ -123,7 +123,7 @@ function tomjn_escaping_tests(){
    <dl>
    <?php
    foreach($esc_array as $key => $val) {
    $clss = 'tomjn_escape_different';
    $class = 'tomjn_escape_different';
    if ( $val === $value ) {
    $class = 'tomjn_escape_same';
    }
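Review bot: the comparison `if ( $val === $value )` at the end of the hunk checks each function's output against the raw `$_POST` value, which WordPress slashes on input (the textarea elsewhere in this file already applies `wp_unslash()` for that reason), so any input containing a quote or backslash is flagged "different" for every function, including those that left it untouched. Compare against `wp_unslash( $value )`, or unslash once where `$value` is read. The rename from `$clss` to `$class` fixes the undefined variable introduced in the previous revision.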
  3. tomjn revised this gist Apr 17, 2018. 2 changed files with 39 additions and 28 deletions.
    10 changes: 3 additions & 7 deletions readme.txt
    @@ -3,8 +3,8 @@ Contributors: tjnowell
    Donate link: http://example.com/
    Tags: security
    Requires at least: 4.3
    Tested up to: 4.4
    Stable tag: 1.0
    Tested up to: 4.95
    Stable tag: 1.1
    License: GPLv2 or later
    License URI: http://www.gnu.org/licenses/gpl-2.0.html
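Review bot: `Tested up to: 4.95` is not a WordPress release; the 1.1 changelog entry names 4.9.5, and the plugin directory parses this header as a version number, so it should read `Tested up to: 4.9.5`.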

    @@ -30,11 +30,7 @@ Yes! But not every function listed here is an escaping function, there are valid

    == Screenshots ==

    1. This screen shot description corresponds to screenshot-1.(png|jpg|jpeg|gif). Note that the screenshot is taken from
    the /assets directory or the directory that contains the stable readme.txt (tags or trunk). Screenshots in the /assets
    directory take precedence. For example, `/assets/screenshot-1.png` would win over `/tags/4.3/screenshot-1.png`
    (or jpg, jpeg, gif).
    2. This is the second screen shot
    1. The escaping form

    == Changelog ==

    57 changes: 36 additions & 21 deletions tomjn_escaping.php
    @@ -1,11 +1,11 @@
    <?php
    /*
    Plugin Name: Toms Escaping test
    Plugin URI: http://tomjn.com
    Plugin Name: Toms Escaping tester
    Plugin URI: https://tomjn.com
    Description: Provides a tomjn_esc_test shortcode that lets you test values with escaping
    Author: Tom J Nowell
    Version: 1.0
    Author URI: http://www.tomjn.com/escaping
    Version: 1.1
    Author URI: https://www.tomjn.com/escaping
    License: GPLv2 or later
    License URI: http://www.gnu.org/licenses/gpl-2.0.html
    This program is free software: you can redistribute it and/or modify
    @@ -21,9 +21,8 @@
    */

    function tomjn_escaping_tests(){

    $value = (!empty( $_POST['tomjn_esc_value'] ) ) ? $_POST['tomjn_esc_value'] : false;

    $esc_array = array();
    if ( $value ) {

    global $wpdb;
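Review bot: initialising `$esc_array = array();` ahead of the `if ( $value )` guard is the right fix for the undefined-variable notice on first load. While here, the `!empty()` test on the line above treats the string `0` as no input, so entering `0` to exercise the numeric sanitisers silently shows the empty form again; `isset()` combined with a `'' !== ` check keeps that case.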
    @@ -76,16 +75,24 @@ function tomjn_escaping_tests(){
    ob_start();
    ?>
    <form action="" method="post">
    <textarea id="tomjn_escape_textarea" name="tomjn_esc_value"><?php
    if ( $value ) {
    echo wp_unslash( esc_html( $esc_array['esc_textarea'] ) );
    }
    ?></textarea>
    <p>
    <textarea id="tomjn_escape_textarea" name="tomjn_esc_value"><?php
    if ( $value ) {
    echo wp_unslash( esc_html( $esc_array['esc_textarea'] ) );
    }
    ?></textarea>
    </p>
    <style>
    #tomjn_escape_textarea {
    font-family: monospace;
    min-height: 200px;
    }
    .tomjn_escape_same {
    border:1px solid rgb(163, 190, 140);
    }
    .tomjn_escape_different {
    border:1px solid rgb(235, 203, 139);
    }
    </style>
    <script>
    jQuery(document).ready( function() {
    @@ -98,12 +105,12 @@ function tomjn_escaping_tests(){
    var editor = new Behave({
    textarea: document.getElementById('tomjn_escape_textarea'),
    replaceTab: true,
    softTabs: false,
    tabSize: 4,
    autoOpen: true,
    overwrite: true,
    autoStrip: true,
    autoIndent: true
    softTabs: false,
    tabSize: 4,
    autoOpen: true,
    overwrite: true,
    autoStrip: true,
    autoIndent: true
    });
    });
    </script>
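Review bot: this hunk is a whitespace-only re-indent of the Behave options, bundled into the same revision as the functional changes (`$esc_array` initialisation, result classes); keeping formatting-only changes in their own revision makes the behavioural diff much easier to review.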
    @@ -114,10 +121,18 @@ function tomjn_escaping_tests(){
    if ( $value ) {
    ?>
    <dl>
    <?php foreach($esc_array as $key => $val) : ?>
    <dt><?php echo esc_html( $key ); ?></dt>
    <dd><pre><?php echo htmlspecialchars( $val ); ?></pre></dd>
    <?php endforeach; ?>
    <?php
    foreach($esc_array as $key => $val) {
    $clss = 'tomjn_escape_different';
    if ( $val === $value ) {
    $class = 'tomjn_escape_same';
    }
    ?>
    <dt><?php echo esc_html( $key ); ?></dt>
    <dd><pre class="<?php echo esc_attr( $class ); ?>"><?php echo htmlspecialchars( $val ); ?></pre></dd>
    <?php
    }
    ?>
    </dl>
    <?php
    }
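Review bot: `$clss = 'tomjn_escape_different';` is a typo for `$class`, so `$class` is only ever assigned inside the `if ( $val === $value )` branch: the first differing row raises an undefined-variable notice and prints an empty class, and every later differing row inherits `tomjn_escape_same` from the previous matching row, labelling changed output as unchanged. The rename in the later revision corrects this.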
  4. tomjn revised this gist Dec 26, 2015. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion readme.txt
    @@ -3,7 +3,7 @@ Contributors: tjnowell
    Donate link: http://example.com/
    Tags: security
    Requires at least: 4.3
    Tested up to: 4.3
    Tested up to: 4.4
    Stable tag: 1.0
    License: GPLv2 or later
    License URI: http://www.gnu.org/licenses/gpl-2.0.html
  5. tomjn revised this gist Dec 26, 2015. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions tomjn_escaping.php
    @@ -77,8 +77,8 @@ function tomjn_escaping_tests(){
    ?>
    <form action="" method="post">
    <textarea id="tomjn_escape_textarea" name="tomjn_esc_value"><?php
    if ($value) {
    echo esc_html( $esc_array['esc_textarea'] );
    if ( $value ) {
    echo wp_unslash( esc_html( $esc_array['esc_textarea'] ) );
    }
    ?></textarea>
    <style>
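Review bot: `echo wp_unslash( esc_html( $esc_array['esc_textarea'] ) );` escapes first and then modifies the escaped string; escaping should be the last operation before output. It is harmless here, because stripping backslashes cannot produce `<`, `>` or a quote, but the clean form is to unslash the raw value where `$value` is read and escape at output.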
  6. tomjn revised this gist Nov 1, 2015. 1 changed file with 45 additions and 0 deletions.
    45 changes: 45 additions & 0 deletions readme.txt
    @@ -0,0 +1,45 @@
    === Escaping Checker ===
    Contributors: tjnowell
    Donate link: http://example.com/
    Tags: security
    Requires at least: 4.3
    Tested up to: 4.3
    Stable tag: 1.0
    License: GPLv2 or later
    License URI: http://www.gnu.org/licenses/gpl-2.0.html

    A handy tool for checking the output of escaping, sanitization and validation functions

    == Description ==

    This plugin adds a shortcode that when used inserts an escaping checker. The checker gives you a form you can enter potentially unsafe content into, and when submitted, passes that content through every sanitisation, validation and escaping function in WordPress Core, and some PHP Core functions

    == Installation ==

    1. Upload the plugin folder into the `/wp-content/plugins/` directory
    1. Activate the plugin through the 'Plugins' menu in WordPress
    1. Place the `[tomjn_escaping_tests]` in a page or post and save

    If you prefer to create a dedicate page template, use `echo tomjn_escaping_tests();`

    == Frequently Asked Questions ==

    = There's a Lot of Escaping Functions! =

    Yes! But not every function listed here is an escaping function, there are validation and sanitising functions too, some of them are PHP Core functions rather than WordPress functions

    == Screenshots ==

    1. This screen shot description corresponds to screenshot-1.(png|jpg|jpeg|gif). Note that the screenshot is taken from
    the /assets directory or the directory that contains the stable readme.txt (tags or trunk). Screenshots in the /assets
    directory take precedence. For example, `/assets/screenshot-1.png` would win over `/tags/4.3/screenshot-1.png`
    (or jpg, jpeg, gif).
    2. This is the second screen shot

    == Changelog ==

    = 1.0 =
    * Added `behave.js` to make typing content easier

    == Upgrade Notice ==
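Review bot: installation step 3 tells the user to place `[tomjn_escaping_tests]` in a page, but the plugin registers `add_shortcode( 'tomjn_esc_test', 'tomjn_escaping_tests' );`, so that tag renders nothing; it should read `[tomjn_esc_test]`. Also "dedicate page template" should be "dedicated", and the Screenshots section still carries the readme template's placeholder text.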

  7. tomjn revised this gist Oct 2, 2015. 1 changed file with 12 additions and 12 deletions.
    24 changes: 12 additions & 12 deletions tomjn_escaping.php
    @@ -49,23 +49,23 @@ function tomjn_escaping_tests(){
    'sanitize_file_name' => sanitize_file_name($value),
    'sanitize_html_class' => sanitize_html_class($value),
    'sanitize_key' => sanitize_key($value),
    'sanitize_meta' => sanitize_meta($value),
    /*'sanitize_meta' => sanitize_meta($value), doesn't make sense to run */
    'sanitize_mime_type' => sanitize_mime_type($value),
    'sanitize_option' => sanitize_option($value),
    'sanitize_post' => sanitize_post($value),
    /*'sanitize_option' => sanitize_option($value), this needs 2 values, and sanitising depends on param 1 */
    /*'sanitize_post' => sanitize_post($value), this isn't a WP_Post object */
    'sanitize_sql_orderby' => sanitize_sql_orderby($value),
    'sanitize_term' => sanitize_term($value),
    'sanitize_term_field' => sanitize_term_field($value),
    /*'sanitize_term' => sanitize_term($value), expects a WP_Term and a taxonomy*/
    /*'sanitize_term_field' => sanitize_term_field($value), same as above*/
    'sanitize_text_field' => sanitize_text_field($value),
    'sanitize_title' => sanitize_title($value),
    'sanitize_title_for_query' => sanitize_title_for_query($value),
    'sanitize_title_with_dashes' => sanitize_title_with_dashes($value),
    'sanitize_user' => sanitize_user($value),
    'balanceTags' => balanceTags($value),
    'tag_escape' => tag_escape($value),
    'addslashes' => addslashes($value),
    '$wpdb->esc_like' => $wpdb->esc_like($value),
    '$wpdb->prepare' => $wpdb->prepare($value),
    'sanitize_title_with_dashes' => sanitize_title_with_dashes( $value ),
    'sanitize_user' => sanitize_user( $value ),
    'balanceTags' => balanceTags( $value ),
    'tag_escape' => tag_escape( $value ),
    'addslashes' => addslashes( $value ),
    '$wpdb->esc_like' => $wpdb->esc_like( $value ),
    '$wpdb->prepare' => $wpdb->prepare( $value, array() ),

    );
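Review bot: `'$wpdb->prepare' => $wpdb->prepare( $value, array() ),` passes the user-supplied value as prepare()'s query/format argument, the one position that must always be a literal. As a demo row it shows what prepare() does to a format string, not how it escapes a bound value, which is what a reader of this tool wants to see, and any `%` sequences in the input are interpreted as format directives; use a fixed format and bind the value, e.g. `$wpdb->prepare( '%s', $value )`. Commenting out the entries for functions that expect objects or several arguments (`sanitize_meta`, `sanitize_option`, `sanitize_post`, `sanitize_term`, `sanitize_term_field`) is the right call.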

  8. tomjn revised this gist Oct 2, 2015. 1 changed file with 7 additions and 1 deletion.
    8 changes: 7 additions & 1 deletion tomjn_escaping.php
    @@ -81,6 +81,12 @@ function tomjn_escaping_tests(){
    echo esc_html( $esc_array['esc_textarea'] );
    }
    ?></textarea>
    <style>
    #tomjn_escape_textarea {
    font-family: monospace;
    min-height: 200px;
    }
    </style>
    <script>
    jQuery(document).ready( function() {
    BehaveHooks.add(['keydown'], function(data){
    @@ -91,7 +97,7 @@ function tomjn_escaping_tests(){
    });
    var editor = new Behave({
    textarea: document.getElementById('tomjn_escape_textarea'),
    replaceTab: false,
    replaceTab: true,
    softTabs: false,
    tabSize: 4,
    autoOpen: true,
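Review bot: with `replaceTab: true` Behave captures the Tab key inside the textarea to insert an indent, so keyboard users can no longer tab from the textarea to the submit button. That is a reasonable trade-off for a code-entry box, but it deserves a sentence in the readme or a visible hint next to the form.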
  9. tomjn revised this gist Oct 2, 2015. 1 changed file with 17 additions and 15 deletions.
    32 changes: 17 additions & 15 deletions tomjn_escaping.php
    @@ -82,21 +82,23 @@ function tomjn_escaping_tests(){
    }
    ?></textarea>
    <script>
    BehaveHooks.add(['keydown'], function(data){
    var numLines = data.lines.total,
    fontSize = parseInt( getComputedStyle(data.editor.element)['font-size'] ),
    padding = parseInt( getComputedStyle(data.editor.element)['padding'] );
    data.editor.element.style.height = (((numLines*fontSize)+padding))+'px';
    });
    var editor = new Behave({
    textarea: document.getElementById('tomjn_escape_textarea'),
    replaceTab: false,
    softTabs: false,
    tabSize: 4,
    autoOpen: true,
    overwrite: true,
    autoStrip: true,
    autoIndent: true
    jQuery(document).ready( function() {
    BehaveHooks.add(['keydown'], function(data){
    var numLines = data.lines.total,
    fontSize = parseInt( getComputedStyle(data.editor.element)['font-size'] ),
    padding = parseInt( getComputedStyle(data.editor.element)['padding'] );
    data.editor.element.style.height = (((numLines*fontSize)+padding))+'px';
    });
    var editor = new Behave({
    textarea: document.getElementById('tomjn_escape_textarea'),
    replaceTab: false,
    softTabs: false,
    tabSize: 4,
    autoOpen: true,
    overwrite: true,
    autoStrip: true,
    autoIndent: true
    });
    });
    </script>
    <p><input type="submit" value="Escape"></p>
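Review bot: wrapping the Behave setup in `jQuery(document).ready()` works because behave.js is enqueued in the footer and the ready callback runs after footer scripts, but it silently assumes jQuery is already loaded in the head, which nothing in this file declares. Pass `array( 'jquery' )` as the dependency list of the `wp_enqueue_script( 'behavejs', ... )` call so that ordering is guaranteed rather than incidental.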
  10. tomjn revised this gist Oct 2, 2015. 1 changed file with 22 additions and 2 deletions.
    24 changes: 22 additions & 2 deletions tomjn_escaping.php
    @@ -71,15 +71,35 @@ function tomjn_escaping_tests(){

    }

    wp_enqueue_script( 'behavejs', plugins_url( 'behave.js', __FILE__ ), array(), '1.5', true );

    ob_start();
    ?>
    <form action="" method="post">
    <textarea name="tomjn_esc_value"><?php
    <textarea id="tomjn_escape_textarea" name="tomjn_esc_value"><?php
    if ($value) {
    echo esc_html( $esc_array['esc_textarea'] );
    }
    ?></textarea>
    <p><input type="submit" value="escape"></p>
    <script>
    BehaveHooks.add(['keydown'], function(data){
    var numLines = data.lines.total,
    fontSize = parseInt( getComputedStyle(data.editor.element)['font-size'] ),
    padding = parseInt( getComputedStyle(data.editor.element)['padding'] );
    data.editor.element.style.height = (((numLines*fontSize)+padding))+'px';
    });
    var editor = new Behave({
    textarea: document.getElementById('tomjn_escape_textarea'),
    replaceTab: false,
    softTabs: false,
    tabSize: 4,
    autoOpen: true,
    overwrite: true,
    autoStrip: true,
    autoIndent: true
    });
    </script>
    <p><input type="submit" value="Escape"></p>
    </form>
    <p>Refresh rather than re-submit if you're having problems with expanding quote escaping</p>
    <?php
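Review bot: the inline `<script>` executes as soon as the browser reaches it in the post body, but `behave.js` is enqueued with `$in_footer = true`, so `BehaveHooks` and `Behave` are not defined yet and the first `BehaveHooks.add(...)` call throws; the later revision that defers it with `jQuery(document).ready()` addresses this. Calling `wp_enqueue_script()` from inside the shortcode callback is acceptable for a footer script, though an enqueue on the `wp_enqueue_scripts` hook, guarded by a check for the shortcode, would keep it out of the render path.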
  11. tomjn revised this gist Oct 2, 2015. 1 changed file with 633 additions and 0 deletions.
    633 changes: 633 additions & 0 deletions behave.js
    @@ -0,0 +1,633 @@
    /*
    * Behave.js
    *
    * Copyright 2013, Jacob Kelley - http://jakiestfu.com/
    * Released under the MIT Licence
    * http://opensource.org/licenses/MIT
    *
    * Github: http://github.com/jakiestfu/Behave.js/
    * Version: 1.5
    */


    (function(undefined){

    'use strict';

    var BehaveHooks = BehaveHooks || (function(){
    var hooks = {};

    return {
    add: function(hookName, fn){
    if(typeof hookName == "object"){
    var i;
    for(i=0; i<hookName.length; i++){
    var theHook = hookName[i];
    if(!hooks[theHook]){
    hooks[theHook] = [];
    }
    hooks[theHook].push(fn);
    }
    } else {
    if(!hooks[hookName]){
    hooks[hookName] = [];
    }
    hooks[hookName].push(fn);
    }
    },
    get: function(hookName){
    if(hooks[hookName]){
    return hooks[hookName];
    }
    }
    };

    })(),
    Behave = Behave || function (userOpts) {

    if (typeof String.prototype.repeat !== 'function') {
    String.prototype.repeat = function(times) {
    if(times < 1){
    return '';
    }
    if(times % 2){
    return this.repeat(times - 1) + this;
    }
    var half = this.repeat(times / 2);
    return half + half;
    };
    }

    if (typeof Array.prototype.filter !== 'function') {
    Array.prototype.filter = function(func /*, thisp */) {
    if (this === null) {
    throw new TypeError();
    }

    var t = Object(this),
    len = t.length >>> 0;
    if (typeof func != "function"){
    throw new TypeError();
    }
    var res = [],
    thisp = arguments[1];
    for (var i = 0; i < len; i++) {
    if (i in t) {
    var val = t[i];
    if (func.call(thisp, val, i, t)) {
    res.push(val);
    }
    }
    }
    return res;
    };
    }

    var defaults = {
    textarea: null,
    replaceTab: true,
    softTabs: true,
    tabSize: 4,
    autoOpen: true,
    overwrite: true,
    autoStrip: true,
    autoIndent: true,
    fence: false
    },
    tab,
    newLine,
    charSettings = {

    keyMap: [
    { open: "\"", close: "\"", canBreak: false },
    { open: "'", close: "'", canBreak: false },
    { open: "(", close: ")", canBreak: false },
    { open: "[", close: "]", canBreak: true },
    { open: "{", close: "}", canBreak: true }
    ]

    },
    utils = {

    _callHook: function(hookName, passData){
    var hooks = BehaveHooks.get(hookName);
    passData = typeof passData=="boolean" && passData === false ? false : true;

    if(hooks){
    if(passData){
    var theEditor = defaults.textarea,
    textVal = theEditor.value,
    caretPos = utils.cursor.get(),
    i;

    for(i=0; i<hooks.length; i++){
    hooks[i].call(undefined, {
    editor: {
    element: theEditor,
    text: textVal,
    levelsDeep: utils.levelsDeep()
    },
    caret: {
    pos: caretPos
    },
    lines: {
    current: utils.cursor.getLine(textVal, caretPos),
    total: utils.editor.getLines(textVal)
    }
    });
    }
    } else {
    for(i=0; i<hooks.length; i++){
    hooks[i].call(undefined);
    }
    }
    }
    },

    defineNewLine: function(){
    var ta = document.createElement('textarea');
    ta.value = "\n";

    if(ta.value.length==2){
    newLine = "\r\n";
    } else {
    newLine = "\n";
    }
    },
    defineTabSize: function(tabSize){
    if(typeof defaults.textarea.style.OTabSize != "undefined"){
    defaults.textarea.style.OTabSize = tabSize; return;
    }
    if(typeof defaults.textarea.style.MozTabSize != "undefined"){
    defaults.textarea.style.MozTabSize = tabSize; return;
    }
    if(typeof defaults.textarea.style.tabSize != "undefined"){
    defaults.textarea.style.tabSize = tabSize; return;
    }
    },
    cursor: {
    getLine: function(textVal, pos){
    return ((textVal.substring(0,pos)).split("\n")).length;
    },
    get: function() {

    if (typeof document.createElement('textarea').selectionStart==="number") {
    return defaults.textarea.selectionStart;
    } else if (document.selection) {
    var caretPos = 0,
    range = defaults.textarea.createTextRange(),
    rangeDupe = document.selection.createRange().duplicate(),
    rangeDupeBookmark = rangeDupe.getBookmark();
    range.moveToBookmark(rangeDupeBookmark);

    while (range.moveStart('character' , -1) !== 0) {
    caretPos++;
    }
    return caretPos;
    }
    },
    set: function (start, end) {
    if(!end){
    end = start;
    }
    if (defaults.textarea.setSelectionRange) {
    defaults.textarea.focus();
    defaults.textarea.setSelectionRange(start, end);
    } else if (defaults.textarea.createTextRange) {
    var range = defaults.textarea.createTextRange();
    range.collapse(true);
    range.moveEnd('character', end);
    range.moveStart('character', start);
    range.select();
    }
    },
    selection: function(){
    var textAreaElement = defaults.textarea,
    start = 0,
    end = 0,
    normalizedValue,
    range,
    textInputRange,
    len,
    endRange;

    if (typeof textAreaElement.selectionStart == "number" && typeof textAreaElement.selectionEnd == "number") {
    start = textAreaElement.selectionStart;
    end = textAreaElement.selectionEnd;
    } else {
    range = document.selection.createRange();

    if (range && range.parentElement() == textAreaElement) {

    normalizedValue = utils.editor.get();
    len = normalizedValue.length;

    textInputRange = textAreaElement.createTextRange();
    textInputRange.moveToBookmark(range.getBookmark());

    endRange = textAreaElement.createTextRange();
    endRange.collapse(false);

    if (textInputRange.compareEndPoints("StartToEnd", endRange) > -1) {
    start = end = len;
    } else {
    start = -textInputRange.moveStart("character", -len);
    start += normalizedValue.slice(0, start).split(newLine).length - 1;

    if (textInputRange.compareEndPoints("EndToEnd", endRange) > -1) {
    end = len;
    } else {
    end = -textInputRange.moveEnd("character", -len);
    end += normalizedValue.slice(0, end).split(newLine).length - 1;
    }
    }
    }
    }

    return start==end ? false : {
    start: start,
    end: end
    };
    }
    },
    editor: {
    getLines: function(textVal){
    return (textVal).split("\n").length;
    },
    get: function(){
    return defaults.textarea.value.replace(/\r/g,'');
    },
    set: function(data){
    defaults.textarea.value = data;
    }
    },
    fenceRange: function(){
    if(typeof defaults.fence == "string"){

    var data = utils.editor.get(),
    pos = utils.cursor.get(),
    hacked = 0,
    matchedFence = data.indexOf(defaults.fence),
    matchCase = 0;

    while(matchedFence>=0){
    matchCase++;
    if( pos < (matchedFence+hacked) ){
    break;
    }

    hacked += matchedFence+defaults.fence.length;
    data = data.substring(matchedFence+defaults.fence.length);
    matchedFence = data.indexOf(defaults.fence);

    }

    if( (hacked) < pos && ( (matchedFence+hacked) > pos ) && matchCase%2===0){
    return true;
    }
    return false;
    } else {
    return true;
    }
    },
    isEven: function(_this,i){
    return i%2;
    },
    levelsDeep: function(){
    var pos = utils.cursor.get(),
    val = utils.editor.get();

    var left = val.substring(0, pos),
    levels = 0,
    i, j;

    for(i=0; i<left.length; i++){
    for (j=0; j<charSettings.keyMap.length; j++) {
    if(charSettings.keyMap[j].canBreak){
    if(charSettings.keyMap[j].open == left.charAt(i)){
    levels++;
    }

    if(charSettings.keyMap[j].close == left.charAt(i)){
    levels--;
    }
    }
    }
    }

    var toDecrement = 0,
    quoteMap = ["'", "\""];
    for(i=0; i<charSettings.keyMap.length; i++) {
    if(charSettings.keyMap[i].canBreak){
    for(j in quoteMap){
    toDecrement += left.split(quoteMap[j]).filter(utils.isEven).join('').split(charSettings.keyMap[i].open).length - 1;
    }
    }
    }

    var finalLevels = levels - toDecrement;

    return finalLevels >=0 ? finalLevels : 0;
    },
    deepExtend: function(destination, source) {
    for (var property in source) {
    if (source[property] && source[property].constructor &&
    source[property].constructor === Object) {
    destination[property] = destination[property] || {};
    utils.deepExtend(destination[property], source[property]);
    } else {
    destination[property] = source[property];
    }
    }
    return destination;
    },
    addEvent: function addEvent(element, eventName, func) {
    if (element.addEventListener){
    element.addEventListener(eventName,func,false);
    } else if (element.attachEvent) {
    element.attachEvent("on"+eventName, func);
    }
    },
    removeEvent: function addEvent(element, eventName, func){
    if (element.addEventListener){
    element.removeEventListener(eventName,func,false);
    } else if (element.attachEvent) {
    element.detachEvent("on"+eventName, func);
    }
    },

    preventDefaultEvent: function(e){
    if(e.preventDefault){
    e.preventDefault();
    } else {
    e.returnValue = false;
    }
    }
    },
    intercept = {
    tabKey: function (e) {

    if(!utils.fenceRange()){ return; }

    if (e.keyCode == 9) {
    utils.preventDefaultEvent(e);

    var toReturn = true;
    utils._callHook('tab:before');

    var selection = utils.cursor.selection(),
    pos = utils.cursor.get(),
    val = utils.editor.get();

    if(selection){

    var tempStart = selection.start;
    while(tempStart--){
    if(val.charAt(tempStart)=="\n"){
    selection.start = tempStart + 1;
    break;
    }
    }

    var toIndent = val.substring(selection.start, selection.end),
    lines = toIndent.split("\n"),
    i;

    if(e.shiftKey){
    for(i = 0; i<lines.length; i++){
    if(lines[i].substring(0,tab.length) == tab){
    lines[i] = lines[i].substring(tab.length);
    }
    }
    toIndent = lines.join("\n");

    utils.editor.set( val.substring(0,selection.start) + toIndent + val.substring(selection.end) );
    utils.cursor.set(selection.start, selection.start+toIndent.length);

    } else {
    for(i in lines){
    lines[i] = tab + lines[i];
    }
    toIndent = lines.join("\n");

    utils.editor.set( val.substring(0,selection.start) + toIndent + val.substring(selection.end) );
    utils.cursor.set(selection.start, selection.start+toIndent.length);
    }
    } else {
    var left = val.substring(0, pos),
    right = val.substring(pos),
    edited = left + tab + right;

    if(e.shiftKey){
    if(val.substring(pos-tab.length, pos) == tab){
    edited = val.substring(0, pos-tab.length) + right;
    utils.editor.set(edited);
    utils.cursor.set(pos-tab.length);
    }
    } else {
    utils.editor.set(edited);
    utils.cursor.set(pos + tab.length);
    toReturn = false;
    }
    }
    utils._callHook('tab:after');
    }
    return toReturn;
    },
    enterKey: function (e) {

    if(!utils.fenceRange()){ return; }

    if (e.keyCode == 13) {

    utils.preventDefaultEvent(e);
    utils._callHook('enter:before');

    var pos = utils.cursor.get(),
    val = utils.editor.get(),
    left = val.substring(0, pos),
    right = val.substring(pos),
    leftChar = left.charAt(left.length - 1),
    rightChar = right.charAt(0),
    numTabs = utils.levelsDeep(),
    ourIndent = "",
    closingBreak = "",
    finalCursorPos,
    i;
    if(!numTabs){
    finalCursorPos = 1;
    } else {
    while(numTabs--){
    ourIndent+=tab;
    }
    ourIndent = ourIndent;
    finalCursorPos = ourIndent.length + 1;

    for(i=0; i<charSettings.keyMap.length; i++) {
    if (charSettings.keyMap[i].open == leftChar && charSettings.keyMap[i].close == rightChar){
    closingBreak = newLine;
    }
    }

    }

    var edited = left + newLine + ourIndent + closingBreak + (ourIndent.substring(0, ourIndent.length-tab.length) ) + right;
    utils.editor.set(edited);
    utils.cursor.set(pos + finalCursorPos);
    utils._callHook('enter:after');
    }
    },
    deleteKey: function (e) {

    if(!utils.fenceRange()){ return; }

    if(e.keyCode == 8){
    utils.preventDefaultEvent(e);

    utils._callHook('delete:before');

    var pos = utils.cursor.get(),
    val = utils.editor.get(),
    left = val.substring(0, pos),
    right = val.substring(pos),
    leftChar = left.charAt(left.length - 1),
    rightChar = right.charAt(0),
    i;

    if( utils.cursor.selection() === false ){
    for(i=0; i<charSettings.keyMap.length; i++) {
    if (charSettings.keyMap[i].open == leftChar && charSettings.keyMap[i].close == rightChar) {
    var edited = val.substring(0,pos-1) + val.substring(pos+1);
    utils.editor.set(edited);
    utils.cursor.set(pos - 1);
    return;
    }
    }
    var edited = val.substring(0,pos-1) + val.substring(pos);
    utils.editor.set(edited);
    utils.cursor.set(pos - 1);
    } else {
    var sel = utils.cursor.selection(),
    edited = val.substring(0,sel.start) + val.substring(sel.end);
    utils.editor.set(edited);
    utils.cursor.set(pos);
    }

    utils._callHook('delete:after');

    }
    }
    },
    charFuncs = {
    openedChar: function (_char, e) {
    utils.preventDefaultEvent(e);
    utils._callHook('openChar:before');
    var pos = utils.cursor.get(),
    val = utils.editor.get(),
    left = val.substring(0, pos),
    right = val.substring(pos),
    edited = left + _char.open + _char.close + right;

    defaults.textarea.value = edited;
    utils.cursor.set(pos + 1);
    utils._callHook('openChar:after');
    },
    closedChar: function (_char, e) {
    var pos = utils.cursor.get(),
    val = utils.editor.get(),
    toOverwrite = val.substring(pos, pos + 1);
    if (toOverwrite == _char.close) {
    utils.preventDefaultEvent(e);
    utils._callHook('closeChar:before');
    utils.cursor.set(utils.cursor.get() + 1);
    utils._callHook('closeChar:after');
    return true;
    }
    return false;
    }
    },
    action = {
    filter: function (e) {

    if(!utils.fenceRange()){ return; }

    var theCode = e.which || e.keyCode;

    if(theCode == 39 || theCode == 40 && e.which===0){ return; }

    var _char = String.fromCharCode(theCode),
    i;

    for(i=0; i<charSettings.keyMap.length; i++) {

    if (charSettings.keyMap[i].close == _char) {
    var didClose = defaults.overwrite && charFuncs.closedChar(charSettings.keyMap[i], e);

    if (!didClose && charSettings.keyMap[i].open == _char && defaults.autoOpen) {
    charFuncs.openedChar(charSettings.keyMap[i], e);
    }
    } else if (charSettings.keyMap[i].open == _char && defaults.autoOpen) {
    charFuncs.openedChar(charSettings.keyMap[i], e);
    }
    }
    },
    listen: function () {

    if(defaults.replaceTab){ utils.addEvent(defaults.textarea, 'keydown', intercept.tabKey); }
    if(defaults.autoIndent){ utils.addEvent(defaults.textarea, 'keydown', intercept.enterKey); }
    if(defaults.autoStrip){ utils.addEvent(defaults.textarea, 'keydown', intercept.deleteKey); }

    utils.addEvent(defaults.textarea, 'keypress', action.filter);

    utils.addEvent(defaults.textarea, 'keydown', function(){ utils._callHook('keydown'); });
    utils.addEvent(defaults.textarea, 'keyup', function(){ utils._callHook('keyup'); });
    }
    },
    init = function (opts) {

    if(opts.textarea){
    utils._callHook('init:before', false);
    utils.deepExtend(defaults, opts);
    utils.defineNewLine();

    if (defaults.softTabs) {
    tab = " ".repeat(defaults.tabSize);
    } else {
    tab = "\t";

    utils.defineTabSize(defaults.tabSize);
    }

    action.listen();
    utils._callHook('init:after', false);
    }

    };

    this.destroy = function(){
    utils.removeEvent(defaults.textarea, 'keydown', intercept.tabKey);
    utils.removeEvent(defaults.textarea, 'keydown', intercept.enterKey);
    utils.removeEvent(defaults.textarea, 'keydown', intercept.deleteKey);
    utils.removeEvent(defaults.textarea, 'keypress', action.filter);
    };

    init(userOpts);

    };

    if (typeof module !== 'undefined' && module.exports) {
    module.exports = Behave;
    }

    if (typeof ender === 'undefined') {
    this.Behave = Behave;
    this.BehaveHooks = BehaveHooks;
    }

    if (typeof define === "function" && define.amd) {
    define("behave", [], function () {
    return Behave;
    });
    }

    }).call(this);
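Review bot: vendoring the library is fine with the MIT header kept intact as here, and the `Version: 1.5` in the header matches the version string given to `wp_enqueue_script`; add the upstream tag or commit to the header comment so this copy can be diffed against upstream when it is refreshed. Be aware that the library installs global polyfills for `String.prototype.repeat` and `Array.prototype.filter` and, when not loaded as a module, assigns `this.Behave` and `this.BehaveHooks` on the global object, so it shares the page's namespace with every other plugin's scripts; that is upstream behaviour and not something to patch in the vendored copy.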
  12. tomjn revised this gist Oct 2, 2015. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion tomjn_escaping.php
    @@ -81,7 +81,7 @@ function tomjn_escaping_tests(){
    ?></textarea>
    <p><input type="submit" value="escape"></p>
    </form>
    <p>Refresh rather than re-submit if you\'re having problems with expanding quote escaping</p>
    <p>Refresh rather than re-submit if you're having problems with expanding quote escaping</p>
    <?php
    if ( $value ) {
    ?>
  13. tomjn revised this gist Oct 2, 2015. 1 changed file with 22 additions and 15 deletions.
    37 changes: 22 additions & 15 deletions tomjn_escaping.php
    @@ -22,9 +22,9 @@

    function tomjn_escaping_tests(){

    $value = (!empty( $_POST['tomjn_esc_value'] ) ) ? $_POST['tomjn_esc_value'] : false;
    $value = (!empty( $_POST['tomjn_esc_value'] ) ) ? $_POST['tomjn_esc_value'] : false;

    if($value){
    if ( $value ) {

    global $wpdb;

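Review bot: `$_POST['tomjn_esc_value']` is read without `wp_unslash()`. WordPress runs `wp_magic_quotes()` on every request, so the value arrives with a backslash before each quote, and re-submitting the echoed value adds another layer each time; that is the "expanding quote escaping" the notice in the next hunk asks users to refresh around. Use `wp_unslash( $_POST['tomjn_esc_value'] )` here and leave the rest of the value raw, since feeding the untouched input to each escaper is the point of the tool.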
    @@ -71,22 +71,29 @@ function tomjn_escaping_tests(){

    }

    ob_start(); ?>
    ob_start();
    ?>
    <form action="" method="post">
    <textarea name="tomjn_esc_value">
    <?php if ($value) { echo esc_html( $esc_array['esc_textarea'] ); } ?>
    </textarea>
    <p><small>Refresh rather than re-submit if you\'re having problems with expanding quote escaping</small></p>
    <textarea name="tomjn_esc_value"><?php
    if ($value) {
    echo esc_html( $esc_array['esc_textarea'] );
    }
    ?></textarea>
    <p><input type="submit" value="escape"></p>
    </form>
    <?php if ($value) : ?>
    <dl>
    <?php foreach($esc_array as $key => $val) : ?>
    <dt><?php echo esc_html( $key ); ?></dt>
    <dd><pre><?php echo htmlspecialchars( $val ); ?></pre></dd>
    <?php endforeach; ?>
    </dl>
    <?php endif; return ob_get_clean();
    <p>Refresh rather than re-submit if you\'re having problems with expanding quote escaping</p>
    <?php
    if ( $value ) {
    ?>
    <dl>
    <?php foreach($esc_array as $key => $val) : ?>
    <dt><?php echo esc_html( $key ); ?></dt>
    <dd><pre><?php echo htmlspecialchars( $val ); ?></pre></dd>
    <?php endforeach; ?>
    </dl>
    <?php
    }
    return ob_get_clean();
    }

    add_shortcode( 'tomjn_esc_test', 'tomjn_escaping_tests' );
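Review bot: the `<form>` still carries no nonce field. Nothing is persisted, so the exposure is small, but the WordPress convention for any POST handler is `wp_nonce_field( 'tomjn_esc_test' )` inside the form and a `wp_verify_nonce()` check before the posted value is used. One more carry-over in this hunk: `you\'re` in the `<p>` sits in raw HTML now, not in a PHP string, so the backslash renders (fixed in the revision above).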
  14. tomjn revised this gist Oct 2, 2015. 1 changed file with 3 additions and 2 deletions.
    5 changes: 3 additions & 2 deletions tomjn_escaping.php
    @@ -29,7 +29,7 @@ function tomjn_escaping_tests(){
    global $wpdb;

    $esc_array = array(
    'esc_html' => $value,
    'esc_html' => esc_html( $value ),
    'esc_attr' => esc_attr($value),
    'esc_js' => esc_js($value),
    'esc_textarea' => esc_textarea( $value ),
    @@ -38,6 +38,7 @@ function tomjn_escaping_tests(){
    'esc_sql' => esc_sql( $value ),
    'wp_json_encode' => wp_json_encode($value),
    'wp_kses( , array(), array())' => wp_kses( $value, array(), array()),
    'wp_kses_data' => wp_kses_data( $value ),
    'wp_kses_post' => wp_kses_post( $value ),
    'wp_strip_all_tags' => wp_strip_all_tags($value),
    'strip_tags' => strip_tags($value),
    @@ -82,7 +83,7 @@ function tomjn_escaping_tests(){
    <dl>
    <?php foreach($esc_array as $key => $val) : ?>
    <dt><?php echo esc_html( $key ); ?></dt>
    <dd><pre><?php echo esc_html( $val ); ?></pre></dd>
    <dd><pre><?php echo htmlspecialchars( $val ); ?></pre></dd>
    <?php endforeach; ?>
    </dl>
    <?php endif; return ob_get_clean();
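Review bot: right call for a display of escaper output. `esc_html()` passes existing entities through (`_wp_specialchars()` defaults to `double_encode = false`), so a `&lt;` produced by `esc_html` or `esc_attr` would render back as `<` and the table could not show whether a function encoded anything; `htmlspecialchars()` double-encodes by default, so the entity itself is displayed. Pass `ENT_QUOTES` explicitly, `htmlspecialchars( $val, ENT_QUOTES )`, so single quotes are shown encoded the same way `esc_html()` would encode them.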
  15. tomjn revised this gist Oct 2, 2015. 1 changed file with 9 additions and 9 deletions.
    18 changes: 9 additions & 9 deletions tomjn_escaping.php
    @@ -29,16 +29,16 @@ function tomjn_escaping_tests(){
    global $wpdb;

    $esc_array = array(
    'esc_html' => esc_html($value),
    'esc_html' => $value,
    'esc_attr' => esc_attr($value),
    'esc_js' => esc_js($value),
    'esc_textarea' => esc_html( esc_textarea( $value ) ),
    'esc_textarea' => esc_textarea( $value ),
    'esc_url' => esc_url($value),
    'esc_url_raw' => esc_url_raw($value),
    'esc_sql' => esc_html( esc_sql( $value ) ),
    'wp_json_encode' => esc_html(wp_json_encode($value)),
    'wp_kses( , array(), array())' => esc_html(wp_kses( $value, array(), array())),
    'esc_kses_post' => esc_html( wp_kses_post( $value ) ),
    'esc_sql' => esc_sql( $value ),
    'wp_json_encode' => wp_json_encode($value),
    'wp_kses( , array(), array())' => wp_kses( $value, array(), array()),
    'wp_kses_post' => wp_kses_post( $value ),
    'wp_strip_all_tags' => wp_strip_all_tags($value),
    'strip_tags' => strip_tags($value),
    'htmlentities' => htmlentities($value),
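Review bot: `'esc_html' => $value` drops the `esc_html()` call entirely, so this row now reports the raw input rather than the function's output; it should read `'esc_html' => esc_html( $value )` (the revision above restores it). Removing the `esc_html()` wrappers from the other entries is the right layering, since escaping now happens once at the echo, and renaming the key from `esc_kses_post` to `wp_kses_post` fixes a label that did not match the function being called.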
    @@ -73,16 +73,16 @@ function tomjn_escaping_tests(){
    ob_start(); ?>
    <form action="" method="post">
    <textarea name="tomjn_esc_value">
    <?php if ($value) { echo $esc_array['esc_textarea']; } ?>
    <?php if ($value) { echo esc_html( $esc_array['esc_textarea'] ); } ?>
    </textarea>
    <p><small>Refresh rather than re-submit if you\'re having problems with expanding quote escaping</small></p>
    <p><input type="submit" value="escape"></p>
    </form>
    <?php if ($value) : ?>
    <dl>
    <?php foreach($esc_array as $key => $val) : ?>
    <dt><?php echo $key; ?></dt>
    <dd><pre><?php echo $val; ?></pre></dd>
    <dt><?php echo esc_html( $key ); ?></dt>
    <dd><pre><?php echo esc_html( $val ); ?></pre></dd>
    <?php endforeach; ?>
    </dl>
    <?php endif; return ob_get_clean();
  16. tomjn revised this gist Oct 2, 2015. 1 changed file with 59 additions and 129 deletions.
    188 changes: 59 additions & 129 deletions tomjn_escaping.php
    @@ -21,141 +21,71 @@
    */

    function tomjn_escaping_tests(){
    $response = '<form action="" method="post">';
    $response .= '<textarea name="tomjn_esc_value">';
    if ( !empty( $_POST['tomjn_esc_value'] ) ) {
    $response .= esc_textarea($_POST['tomjn_esc_value']);
    }
    $response .= '</textarea>';
    $response .= '<p><small>Refresh rather than re-submit if you\'re having problems with expanding quote escaping</small></p>';
    $response .= '<p><input type="submit" value="escape"></p>';
    $response .= '</form>';

    if ( !empty( $_POST['tomjn_esc_value'] ) ) {

    global $wpdb;

    $value = $_POST['tomjn_esc_value'];
    $response .= '<dl>';

    $response .= '<dt>esc_html</dt>';
    $response .= '<dd><pre>'.esc_html($value).'</pre></dd>';

    $response .= '<dt>esc_attr</dt>';
    $response .= '<dd><pre>'.esc_attr($value).'</pre></dd>';

    $response .= '<dt>esc_js</dt>';
    $response .= '<dd><pre>'.esc_js( $value).'</pre></dd>';

    $response .= '<dt>esc_textarea</dt>';
    $response .= '<dd><pre>'.esc_html( esc_textarea( $value ) ).'</pre></dd>';

    $response .= '<dt>esc_url</dt>';
    $response .= '<dd><pre>'.esc_url( $value ).'</pre></dd>';

    $response .= '<dt>esc_url_raw</dt>';
    $response .= '<dd><pre>'.esc_url_raw( $value ).'</pre></dd>';

    $response .= '<dt>esc_sql</dt>';
    $response .= '<dd><pre>'.esc_html( esc_sql( $value ) ).'</pre></dd>';

    $response .= '<dt>wp_json_encode</dt>';
    $response .= '<dd><pre>'.esc_html( wp_json_encode( $value) ).'</pre></dd>';

    $response .= '<dt>wp_kses( , array(), array())</dt>';
    $response .= '<dd><pre>'.esc_html( wp_kses( $value, array(), array() ) ).'</pre></dd>';

    $response .= '<dt>wp_kses_post</dt>';
    $response .= '<dd><pre>'.esc_html( wp_kses_post( $value ) ).'</pre></dd>';

    $response .= '<dt>wp_strip_all_tags</dt>';
    $response .= '<dd><pre>'.wp_strip_all_tags( $value ).'</pre></dd>';

    $response .= '<dt>strip_tags</dt>';
    $response .= '<dd><pre>'.strip_tags( $value ).'</pre></dd>';

    $response .= '<dt>htmlentities</dt>';
    $response .= '<dd><pre>'.htmlentities( $value ).'</pre></dd>';

    $response .= '<dt>htmlspecialchars</dt>';
    $response .= '<dd><pre>'.htmlspecialchars( $value ).'</pre></dd>';

    $response .= '<dt>urlencode</dt>';
    $response .= '<dd><pre>'.urlencode( $value ).'</pre></dd>';

    $response .= '<dt>rawurlencode</dt>';
    $response .= '<dd><pre>'.rawurlencode( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_email</dt>';
    $response .= '<dd><pre>'.sanitize_email( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_file_name</dt>';
    $response .= '<dd><pre>'.sanitize_file_name( $value ).'</pre></dd>';
    $value = (!empty( $_POST['tomjn_esc_value'] ) ) ? $_POST['tomjn_esc_value'] : false;

    $response .= '<dt>sanitize_html_class</dt>';
    $response .= '<dd><pre>'.sanitize_html_class( $value ).'</pre></dd>';
    if($value){

    $response .= '<dt>sanitize_key</dt>';
    $response .= '<dd><pre>'.sanitize_key( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_meta</dt>';
    $response .= '<dd><pre>'.sanitize_meta( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_mime_type</dt>';
    $response .= '<dd><pre>'.sanitize_mime_type( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_option</dt>';
    $response .= '<dd><pre>'.sanitize_option( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_post</dt>';
    $response .= '<dd><pre>'.sanitize_post( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_sql_orderby</dt>';
    $response .= '<dd><pre>'.sanitize_sql_orderby( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_term</dt>';
    $response .= '<dd><pre>'.sanitize_term( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_term_field</dt>';
    $response .= '<dd><pre>'.sanitize_term_field( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_text_field</dt>';
    $response .= '<dd><pre>'.sanitize_text_field( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_title</dt>';
    $response .= '<dd><pre>'.sanitize_title( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_title_for_query</dt>';
    $response .= '<dd><pre>'.sanitize_title_for_query( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_title_with_dashes</dt>';
    $response .= '<dd><pre>'.sanitize_title_with_dashes( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_user</dt>';
    $response .= '<dd><pre>'.sanitize_user( $value ).'</pre></dd>';

    $response .= '<dt>balanceTags</dt>';
    $response .= '<dd><pre>'.balanceTags( $value ).'</pre></dd>';

    $response .= '<dt>tag_escape</dt>';
    $response .= '<dd><pre>'.tag_escape( $value ).'</pre></dd>';

    $response .= '<dt>addslashes</dt>';
    $response .= '<dd><pre>'.addslashes( $value ).'</pre></dd>';


    $response .= '<dt>$wpdb->esc_like</dt>';
    $response .= '<dd><pre>'.$wpdb->esc_like( $value ).'</pre></dd>';

    $response .= '<dt>addslashes</dt>';
    $response .= '<dd><pre>'.$wpdb->prepare( $value ).'</pre></dd>';
    global $wpdb;

    $esc_array = array(
    'esc_html' => esc_html($value),
    'esc_attr' => esc_attr($value),
    'esc_js' => esc_js($value),
    'esc_textarea' => esc_html( esc_textarea( $value ) ),
    'esc_url' => esc_url($value),
    'esc_url_raw' => esc_url_raw($value),
    'esc_sql' => esc_html( esc_sql( $value ) ),
    'wp_json_encode' => esc_html(wp_json_encode($value)),
    'wp_kses( , array(), array())' => esc_html(wp_kses( $value, array(), array())),
    'esc_kses_post' => esc_html( wp_kses_post( $value ) ),
    'wp_strip_all_tags' => wp_strip_all_tags($value),
    'strip_tags' => strip_tags($value),
    'htmlentities' => htmlentities($value),
    'urlencode' => urlencode($value),
    'rawurlencode' => rawurlencode($value),
    'sanitize_email' => sanitize_email($value),
    'sanitize_file_name' => sanitize_file_name($value),
    'sanitize_html_class' => sanitize_html_class($value),
    'sanitize_key' => sanitize_key($value),
    'sanitize_meta' => sanitize_meta($value),
    'sanitize_mime_type' => sanitize_mime_type($value),
    'sanitize_option' => sanitize_option($value),
    'sanitize_post' => sanitize_post($value),
    'sanitize_sql_orderby' => sanitize_sql_orderby($value),
    'sanitize_term' => sanitize_term($value),
    'sanitize_term_field' => sanitize_term_field($value),
    'sanitize_text_field' => sanitize_text_field($value),
    'sanitize_title' => sanitize_title($value),
    'sanitize_title_for_query' => sanitize_title_for_query($value),
    'sanitize_title_with_dashes' => sanitize_title_with_dashes($value),
    'sanitize_user' => sanitize_user($value),
    'balanceTags' => balanceTags($value),
    'tag_escape' => tag_escape($value),
    'addslashes' => addslashes($value),
    '$wpdb->esc_like' => $wpdb->esc_like($value),
    '$wpdb->prepare' => $wpdb->prepare($value),

    );

    $response .= '</dl>';
    }

    return $response;
    ob_start(); ?>
    <form action="" method="post">
    <textarea name="tomjn_esc_value">
    <?php if ($value) { echo $esc_array['esc_textarea']; } ?>
    </textarea>
    <p><small>Refresh rather than re-submit if you\'re having problems with expanding quote escaping</small></p>
    <p><input type="submit" value="escape"></p>
    </form>
    <?php if ($value) : ?>
    <dl>
    <?php foreach($esc_array as $key => $val) : ?>
    <dt><?php echo $key; ?></dt>
    <dd><pre><?php echo $val; ?></pre></dd>
    <?php endforeach; ?>
    </dl>
    <?php endif; return ob_get_clean();
    }
    add_shortcode( 'tomjn_esc_test', 'tomjn_escaping_tests' );


    add_shortcode( 'tomjn_esc_test', 'tomjn_escaping_tests' );
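Review bot: `<dd><pre><?php echo $val; ?></pre></dd>` echoes every result raw, and many entries (`wp_strip_all_tags`, `strip_tags`, `balanceTags`, `addslashes`, `$wpdb->esc_like`, the `sanitize_*` calls) are not HTML escapers, so their output reflects the submitted value into the page unescaped; escape once at output with `esc_html( $val )` or `htmlspecialchars( $val )`, at which point the `esc_html()` wrappers inside the array become unnecessary. Two smaller things: the `htmlspecialchars` row from the old code was lost in the rewrite (the array goes from `htmlentities` straight to `urlencode`), and `you\'re` moved from a single-quoted PHP string into raw HTML, where the backslash now renders.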
  17. tomjn created this gist Oct 2, 2015.
    161 changes: 161 additions & 0 deletions tomjn_escaping.php
    @@ -0,0 +1,161 @@
    <?php
    /*
    Plugin Name: Toms Escaping test
    Plugin URI: http://tomjn.com
    Description: Provides a tomjn_esc_test shortcode that lets you test values with escaping
    Author: Tom J Nowell
    Version: 1.0
    Author URI: http://www.tomjn.com/escaping
    License: GPLv2 or later
    License URI: http://www.gnu.org/licenses/gpl-2.0.html
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 2 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
    along with this program. If not, see <http://www.gnu.org/licenses/>.
    */

    function tomjn_escaping_tests(){
    $response = '<form action="" method="post">';
    $response .= '<textarea name="tomjn_esc_value">';
    if ( !empty( $_POST['tomjn_esc_value'] ) ) {
    $response .= esc_textarea($_POST['tomjn_esc_value']);
    }
    $response .= '</textarea>';
    $response .= '<p><small>Refresh rather than re-submit if you\'re having problems with expanding quote escaping</small></p>';
    $response .= '<p><input type="submit" value="escape"></p>';
    $response .= '</form>';

    if ( !empty( $_POST['tomjn_esc_value'] ) ) {

    global $wpdb;

    $value = $_POST['tomjn_esc_value'];
    $response .= '<dl>';

    $response .= '<dt>esc_html</dt>';
    $response .= '<dd><pre>'.esc_html($value).'</pre></dd>';

    $response .= '<dt>esc_attr</dt>';
    $response .= '<dd><pre>'.esc_attr($value).'</pre></dd>';

    $response .= '<dt>esc_js</dt>';
    $response .= '<dd><pre>'.esc_js( $value).'</pre></dd>';

    $response .= '<dt>esc_textarea</dt>';
    $response .= '<dd><pre>'.esc_html( esc_textarea( $value ) ).'</pre></dd>';

    $response .= '<dt>esc_url</dt>';
    $response .= '<dd><pre>'.esc_url( $value ).'</pre></dd>';

    $response .= '<dt>esc_url_raw</dt>';
    $response .= '<dd><pre>'.esc_url_raw( $value ).'</pre></dd>';

    $response .= '<dt>esc_sql</dt>';
    $response .= '<dd><pre>'.esc_html( esc_sql( $value ) ).'</pre></dd>';

    $response .= '<dt>wp_json_encode</dt>';
    $response .= '<dd><pre>'.esc_html( wp_json_encode( $value) ).'</pre></dd>';

    $response .= '<dt>wp_kses( , array(), array())</dt>';
    $response .= '<dd><pre>'.esc_html( wp_kses( $value, array(), array() ) ).'</pre></dd>';

    $response .= '<dt>wp_kses_post</dt>';
    $response .= '<dd><pre>'.esc_html( wp_kses_post( $value ) ).'</pre></dd>';

    $response .= '<dt>wp_strip_all_tags</dt>';
    $response .= '<dd><pre>'.wp_strip_all_tags( $value ).'</pre></dd>';

    $response .= '<dt>strip_tags</dt>';
    $response .= '<dd><pre>'.strip_tags( $value ).'</pre></dd>';

    $response .= '<dt>htmlentities</dt>';
    $response .= '<dd><pre>'.htmlentities( $value ).'</pre></dd>';

    $response .= '<dt>htmlspecialchars</dt>';
    $response .= '<dd><pre>'.htmlspecialchars( $value ).'</pre></dd>';

    $response .= '<dt>urlencode</dt>';
    $response .= '<dd><pre>'.urlencode( $value ).'</pre></dd>';

    $response .= '<dt>rawurlencode</dt>';
    $response .= '<dd><pre>'.rawurlencode( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_email</dt>';
    $response .= '<dd><pre>'.sanitize_email( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_file_name</dt>';
    $response .= '<dd><pre>'.sanitize_file_name( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_html_class</dt>';
    $response .= '<dd><pre>'.sanitize_html_class( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_key</dt>';
    $response .= '<dd><pre>'.sanitize_key( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_meta</dt>';
    $response .= '<dd><pre>'.sanitize_meta( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_mime_type</dt>';
    $response .= '<dd><pre>'.sanitize_mime_type( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_option</dt>';
    $response .= '<dd><pre>'.sanitize_option( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_post</dt>';
    $response .= '<dd><pre>'.sanitize_post( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_sql_orderby</dt>';
    $response .= '<dd><pre>'.sanitize_sql_orderby( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_term</dt>';
    $response .= '<dd><pre>'.sanitize_term( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_term_field</dt>';
    $response .= '<dd><pre>'.sanitize_term_field( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_text_field</dt>';
    $response .= '<dd><pre>'.sanitize_text_field( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_title</dt>';
    $response .= '<dd><pre>'.sanitize_title( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_title_for_query</dt>';
    $response .= '<dd><pre>'.sanitize_title_for_query( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_title_with_dashes</dt>';
    $response .= '<dd><pre>'.sanitize_title_with_dashes( $value ).'</pre></dd>';

    $response .= '<dt>sanitize_user</dt>';
    $response .= '<dd><pre>'.sanitize_user( $value ).'</pre></dd>';

    $response .= '<dt>balanceTags</dt>';
    $response .= '<dd><pre>'.balanceTags( $value ).'</pre></dd>';

    $response .= '<dt>tag_escape</dt>';
    $response .= '<dd><pre>'.tag_escape( $value ).'</pre></dd>';

    $response .= '<dt>addslashes</dt>';
    $response .= '<dd><pre>'.addslashes( $value ).'</pre></dd>';


    $response .= '<dt>$wpdb->esc_like</dt>';
    $response .= '<dd><pre>'.$wpdb->esc_like( $value ).'</pre></dd>';

    $response .= '<dt>addslashes</dt>';
    $response .= '<dd><pre>'.$wpdb->prepare( $value ).'</pre></dd>';


    $response .= '</dl>';
    }

    return $response;
    }
    add_shortcode( 'tomjn_esc_test', 'tomjn_escaping_tests' );
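Review bot: `$wpdb->prepare( $value )`, listed under a second `<dt>addslashes</dt>` label copied from the entry above it, passes the submitted value as the query/format string with no data arguments, which is backwards: `prepare()` escapes data into a trusted format string, so the demonstration should be `$wpdb->prepare( '%s', $value )` with the label `$wpdb->prepare`. Several other calls omit required parameters: `sanitize_meta()` takes a key, a value and an object type, `sanitize_option()` takes the option name first, and `sanitize_term()` / `sanitize_term_field()` need a taxonomy, so these raise a missing-argument warning on PHP 5/7.0 and an `ArgumentCountError` on PHP 7.1+; pass fixed sample values for the extra parameters. And the results of the non-HTML escapers (`wp_strip_all_tags`, `balanceTags`, `addslashes`, `$wpdb->esc_like`, the `sanitize_*` family) are concatenated straight into the markup, so wrap each `$val` in `esc_html()` at output.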