_wp_specialchars( string $string, int|string $quote_style = ENT_NOQUOTES, false|string $charset = false, bool $double_encode = false ): string
This function’s access is marked private. This means it is not intended for use by plugin or theme developers, only in other core functions. It is listed here for completeness.
Converts a number of special characters into their HTML entities.
Description
Specifically deals with: &, <, >, ", and '.
$quote_style can be set to ENT_COMPAT to encode " to ", or ENT_QUOTES to do both. Default is ENT_NOQUOTES where no quotes are encoded.
Parameters
$stringstring Required-
The text which is to be encoded.
$quote_styleint|string Optional-
Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES.
Converts single and double quotes, as well as converting HTML named entities (that are not also XML named entities) to their code points if set to ENT_XML1. Also compatible with old values; converting single quotes if set to'single', double if set to'double'or both if otherwise set.
Default is ENT_NOQUOTES.Default:
ENT_NOQUOTES $charsetfalse|string Optional-
The character encoding of the string.
Default:
false $double_encodebool Optional-
Whether to encode existing HTML entities.
Default:
false
Return
string The encoded text with HTML entities.
Source
File: wp-includes/formatting.php. View all references
function _wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) {
$string = (string) $string;
if ( 0 === strlen( $string ) ) {
return '';
}
// Don't bother if there are no specialchars - saves some processing.
if ( ! preg_match( '/[&<>"\']/', $string ) ) {
return $string;
}
// Account for the previous behaviour of the function when the $quote_style is not an accepted value.
if ( empty( $quote_style ) ) {
$quote_style = ENT_NOQUOTES;
} elseif ( ENT_XML1 === $quote_style ) {
$quote_style = ENT_QUOTES | ENT_XML1;
} elseif ( ! in_array( $quote_style, array( ENT_NOQUOTES, ENT_COMPAT, ENT_QUOTES, 'single', 'double' ), true ) ) {
$quote_style = ENT_QUOTES;
}
// Store the site charset as a static to avoid multiple calls to wp_load_alloptions().
if ( ! $charset ) {
static $_charset = null;
if ( ! isset( $_charset ) ) {
$alloptions = wp_load_alloptions();
$_charset = isset( $alloptions['blog_charset'] ) ? $alloptions['blog_charset'] : '';
}
$charset = $_charset;
}
if ( in_array( $charset, array( 'utf8', 'utf-8', 'UTF8' ), true ) ) {
$charset = 'UTF-8';
}
$_quote_style = $quote_style;
if ( 'double' === $quote_style ) {
$quote_style = ENT_COMPAT;
$_quote_style = ENT_COMPAT;
} elseif ( 'single' === $quote_style ) {
$quote_style = ENT_NOQUOTES;
}
if ( ! $double_encode ) {
// Guarantee every &entity; is valid, convert &garbage; into &garbage;
// This is required for PHP < 5.4.0 because ENT_HTML401 flag is unavailable.
$string = wp_kses_normalize_entities( $string, ( $quote_style & ENT_XML1 ) ? 'xml' : 'html' );
}
$string = htmlspecialchars( $string, $quote_style, $charset, $double_encode );
// Back-compat.
if ( 'single' === $_quote_style ) {
$string = str_replace( "'", ''', $string );
}
return $string;
}
Related
Uses
| Uses | Description |
|---|---|
| wp_kses_normalize_entities() wp-includes/kses.php | Converts and fixes HTML entities. |
| wp_load_alloptions() wp-includes/option.php | Loads and caches all autoloaded options, if available or all options. |
Used By
| Used By | Description |
|---|---|
| esc_xml() wp-includes/formatting.php | Escaping for XML blocks. |
| esc_js() wp-includes/formatting.php | Escapes single quotes, |
| esc_html() wp-includes/formatting.php | Escaping for HTML blocks. |
| esc_attr() wp-includes/formatting.php | Escaping for HTML attributes. |
| wp_specialchars() wp-includes/deprecated.php | Legacy escaping for HTML blocks. |
Changelog
© 2003–2022 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/functions/_wp_specialchars