wp_specialchars

Legacy escaping for HTML blocks.

Description

(string) wp_specialchars( (string) $string, (constant) $quote_style = ENT_NOQUOTES, (constant) $charset = false, (bool) $double_encode = false ); 

Returns (string)

Escaped `$string`.

Parameters (4)

0. $string (string)
String to escape.
1. $quote_style — Optional. (constant) => ENT_NOQUOTES
The quote style.
2. $charset — Optional. (constant) => false
The charset.
3. $double_encode — Optional. (bool) => false
Whether to double encode. Unused.

Usage

  1. if ( !function_exists( 'wp_specialchars' ) ) { 
  2.     require_once ABSPATH . WPINC . '/deprecated.php'; 
  4.   
  5. // String to escape. 
  6. $string = ''; 
  7.   
  8. // The quote style. 
  9. $quote_style = ENT_NOQUOTES; 
  10.   
  11. // The charset. 
  12. $charset = false; 
  13.   
  14. // Whether to double encode. Unused. 
  15. $double_encode = false; 
  16.   
  17. // NOTICE! Understand what this does before running. 
  18. $result = wp_specialchars($string, $quote_style, $charset, $double_encode); 
  19.     

Defined (2)

The function is defined in the following location(s).

/wp-includes/deprecated.php  
  1. function wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) { 
  2.     _deprecated_function( __FUNCTION__, '2.8.0', 'esc_html()' ); 
  3.     if ( func_num_args() > 1 ) { // Maintain back-compat for people passing additional arguments. 
  4.         $args = func_get_args(); 
  5.         return call_user_func_array( '_wp_specialchars', $args ); 
  6.     } else { 
  7.         return esc_html( $string ); 
/wp-includes/formatting.php  
  1. function _wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) { 
  2.     $string = (string) $string; 
  3.  
  4.     if ( 0 === strlen( $string ) ) 
  5.         return ''; 
  6.  
  7.     // Don't bother if there are no specialchars - saves some processing 
  8.     if ( ! preg_match( '/[&<>"\']/', $string ) ) 
  9.         return $string; 
  10.  
  11.     // Account for the previous behaviour of the function when the $quote_style is not an accepted value 
  12.     if ( empty( $quote_style ) ) 
  13.         $quote_style = ENT_NOQUOTES; 
  14.     elseif ( ! in_array( $quote_style, array( 0, 2, 3, 'single', 'double' ), true ) ) 
  15.         $quote_style = ENT_QUOTES; 
  16.  
  17.     // Store the site charset as a static to avoid multiple calls to wp_load_alloptions() 
  18.     if ( ! $charset ) { 
  19.         static $_charset = null; 
  20.         if ( ! isset( $_charset ) ) { 
  21.             $alloptions = wp_load_alloptions(); 
  22.             $_charset = isset( $alloptions['blog_charset'] ) ? $alloptions['blog_charset'] : ''; 
  24.         $charset = $_charset; 
  26.  
  27.     if ( in_array( $charset, array( 'utf8', 'utf-8', 'UTF8' ) ) ) 
  28.         $charset = 'UTF-8'; 
  29.  
  30.     $_quote_style = $quote_style; 
  31.  
  32.     if ( $quote_style === 'double' ) { 
  33.         $quote_style = ENT_COMPAT; 
  34.         $_quote_style = ENT_COMPAT; 
  35.     } elseif ( $quote_style === 'single' ) { 
  36.         $quote_style = ENT_NOQUOTES; 
  38.  
  39.     if ( ! $double_encode ) { 
  40.         // Guarantee every &entity; is valid, convert &garbage; into &garbage; 
  41.         // This is required for PHP < 5.4.0 because ENT_HTML401 flag is unavailable. 
  42.         $string = wp_kses_normalize_entities( $string ); 
  44.  
  45.     $string = @htmlspecialchars( $string, $quote_style, $charset, $double_encode ); 
  46.  
  47.     // Back-compat. 
  48.     if ( 'single' === $_quote_style ) 
  49.         $string = str_replace( "'", ''', $string ); 
  50.  
  51.     return $string;