Alert: This function’s access is marked private. This means it is not intended for use by plugin or theme developers, only in other core functions. It is listed here for completeness.

_wp_specialchars( string $string, int|string $quote_style = ENT_NOQUOTES, false|string $charset = false, bool $double_encode = false )

Converts a number of special characters into their HTML entities.

Contents

Description Description

Specifically deals with: &, <, >, ", and ‘.

$quote_style can be set to ENT_COMPAT to encode " to ", or ENT_QUOTES to do both. Default is ENT_NOQUOTES where no quotes are encoded.

Parameters Parameters

$string

(string) (Required) The text which is to be encoded.

$quote_style

(int|string) (Optional) Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES.

Default value: ENT_NOQUOTES

$charset

(false|string) (Optional) The character encoding of the string. Default is false.

Default value: false

$double_encode

(bool) (Optional) Whether to encode existing html entities. Default is false.

Default value: false

Top ↑

Return Return

(string) The encoded text with HTML entities.

Top ↑

Source Source

File: wp-includes/formatting.php 

function _wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) {
	$string = (string) $string;

	if ( 0 === strlen( $string ) ) {
		return '';
	}

	// Don't bother if there are no specialchars - saves some processing
	if ( ! preg_match( '/[&<>"\']/', $string ) ) {
		return $string;
	}

	// Account for the previous behaviour of the function when the $quote_style is not an accepted value
	if ( empty( $quote_style ) ) {
		$quote_style = ENT_NOQUOTES;
	} elseif ( ! in_array( $quote_style, array( 0, 2, 3, 'single', 'double' ), true ) ) {
		$quote_style = ENT_QUOTES;
	}

	// Store the site charset as a static to avoid multiple calls to wp_load_alloptions()
	if ( ! $charset ) {
		static $_charset = null;
		if ( ! isset( $_charset ) ) {
			$alloptions = wp_load_alloptions();
			$_charset   = isset( $alloptions['blog_charset'] ) ? $alloptions['blog_charset'] : '';
		}
		$charset = $_charset;
	}

	if ( in_array( $charset, array( 'utf8', 'utf-8', 'UTF8' ) ) ) {
		$charset = 'UTF-8';
	}

	$_quote_style = $quote_style;

	if ( $quote_style === 'double' ) {
		$quote_style  = ENT_COMPAT;
		$_quote_style = ENT_COMPAT;
	} elseif ( $quote_style === 'single' ) {
		$quote_style = ENT_NOQUOTES;
	}

	if ( ! $double_encode ) {
		// Guarantee every &entity; is valid, convert &garbage; into &amp;garbage;
		// This is required for PHP < 5.4.0 because ENT_HTML401 flag is unavailable.
		$string = wp_kses_normalize_entities( $string );
	}

	$string = htmlspecialchars( $string, $quote_style, $charset, $double_encode );

	// Back-compat.
	if ( 'single' === $_quote_style ) {
		$string = str_replace( "'", '&#039;', $string );
	}

	return $string;
}

Expand full source code Collapse full source code View on Trac

Top ↑

Changelog Changelog

Changelog
Version Description
1.2.2 Introduced.

Top ↑

Top ↑

Used By Used By

Used By
Used By Description
wp-includes/formatting.php: esc_js()

Escape single quotes, htmlspecialchar ” &, and fix line endings.
wp-includes/formatting.php: esc_html()

Escaping for HTML blocks.
wp-includes/formatting.php: esc_attr()

Escaping for HTML attributes.
wp-includes/deprecated.php: wp_specialchars()

Legacy escaping for HTML blocks.

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.