diff --git a/core/includes/bootstrap.inc b/core/includes/bootstrap.inc index 4a6f3de6a96c7b82b3bc8dd9b51382fdfc0e4c7f..6d2dd8f2f2102f415d5965e2f46793376a3f7ba1 100644 --- a/core/includes/bootstrap.inc +++ b/core/includes/bootstrap.inc @@ -1467,7 +1467,9 @@ function watchdog_exception($type, Exception $exception, $message = NULL, $varia // Use a default value if $message is not set. if (empty($message)) { - // The exception message is run through check_plain() by _drupal_decode_exception(). + // The exception message is run through + // \Drupal\Component\Utility\String::checkPlain() by + // _drupal_decode_exception(). $message = '%type: !message in %function (line %line of %file).'; } // $variables must be an array so that we can add the exception information. @@ -1672,7 +1674,7 @@ function drupal_get_title() { // During a bootstrap, menu.inc is not included and thus we cannot provide a title. if (!isset($title) && function_exists('menu_get_active_title')) { - $title = check_plain(menu_get_active_title()); + $title = String::checkPlain(menu_get_active_title()); } return $title; @@ -1689,7 +1691,8 @@ function drupal_get_title() { * @param $output * Optional flag - normally should be left as Title::CHECK_PLAIN. Only set to * PASS_THROUGH if you have already removed any possibly dangerous code - * from $title using a function like check_plain() or filter_xss(). With this + * from $title using a function like + * \Drupal\Component\Utility\String::checkPlain() or filter_xss(). With this * flag the string will be passed through unchanged. * * @return @@ -1699,7 +1702,7 @@ function drupal_set_title($title = NULL, $output = Title::CHECK_PLAIN) { $stored_title = &drupal_static(__FUNCTION__); if (isset($title)) { - $stored_title = ($output == PASS_THROUGH) ? $title : check_plain($title); + $stored_title = ($output == PASS_THROUGH) ? $title : String::checkPlain($title); } return $stored_title; 
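Review bot: `String::checkPlain()` is called by its short name in drupal_get_title() here and in drupal_set_title() further down, but no hunk for bootstrap.inc adds `use Drupal\Component\Utility\String;`, unlike the errors.inc, file.inc, form.inc, menu.inc and update.inc sections of this patch. The common.inc and theme.inc sections also show no added import. In these non-namespaced files the short name would otherwise resolve to a global `\String`, turning every escaping call into a fatal error, so please confirm the import already exists above the visible hunks in all three files. The body of drupal_get_title() starts outside the hunk.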
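Review bot: The branch that skips escaping in drupal_set_title() compares with a bare constant and a loose operator, `($output == PASS_THROUGH)`, while the signature default is the class constant `Title::CHECK_PLAIN`. This line decides whether `$title` is stored unescaped, so it should use the same constant family and a strict comparison, for example `$stored_title = ($output === Title::PASS_THROUGH) ? $title : String::checkPlain($title);`. That assumes the Title class defines PASS_THROUGH with the same value as the global constant and that callers always pass the constant itself; neither is visible in this hunk. The docblock in the previous hunk still says "Only set to PASS_THROUGH" and should name the class constant too.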
diff --git a/core/includes/common.inc b/core/includes/common.inc index 5882f4072fbd8e7c1938fd1559fef8bea0d79335..c32b72871dfc37c927edd7948be6f3c314aef334 100644 --- a/core/includes/common.inc +++ b/core/includes/common.inc @@ -700,7 +700,7 @@ function valid_number_step($value, $step, $offset = 0.0) { * string, so this function can be called independently when the output needs to * be a plain-text string for passing to t(), l(), * Drupal\Core\Template\Attribute, or another function that will call - * check_plain() separately. + * \Drupal\Component\Utility\String::checkPlain() separately. * * @param $uri * A plain-text URI that might contain dangerous protocols. @@ -708,8 +708,8 @@ function valid_number_step($value, $step, $offset = 0.0) { * @return * A plain-text URI stripped of dangerous protocols. As with all plain-text * strings, this return value must not be output to an HTML page without - * check_plain() being called on it. However, it can be passed to functions - * expecting plain-text strings. + * \Drupal\Component\Utility\String::checkPlain() being called on it. However, + * it can be passed to functions expecting plain-text strings. * * @see \Drupal\Component\Utility\Url::stripDangerousProtocols() */ @@ -744,7 +744,8 @@ function check_url($uri) { * * Use only for fields where it is impractical to use the * whole filter system, but where some (mainly inline) mark-up - * is desired (so check_plain() is not acceptable). + * is desired (so \Drupal\Component\Utility\String::checkPlain() is not + * acceptable). * * Allows all tags that can be used inside an HTML body, save * for scripts and styles. 
@@ -826,14 +827,14 @@ function format_rss_channel($title, $link, $description, $items, $langcode = NUL $langcode = $langcode ? $langcode : language(Language::TYPE_CONTENT)->id; $output = "<channel>\n"; - $output .= ' <title>' . check_plain($title) . "</title>\n"; + $output .= ' <title>' . String::checkPlain($title) . "</title>\n"; $output .= ' <link>' . check_url($link) . "</link>\n"; // The RSS 2.0 "spec" doesn't indicate HTML can be used in the description. // We strip all HTML tags, but need to prevent double encoding from properly // escaped source data (such as & becoming &amp;). - $output .= ' <description>' . check_plain(decode_entities(strip_tags($description))) . "</description>\n"; - $output .= ' <language>' . check_plain($langcode) . "</language>\n"; + $output .= ' <description>' . String::checkPlain(decode_entities(strip_tags($description))) . "</description>\n"; + $output .= ' <language>' . String::checkPlain($langcode) . "</language>\n"; $output .= format_xml_elements($args); $output .= $items; $output .= "</channel>\n"; @@ -848,9 +849,9 @@ function format_rss_channel($title, $link, $description, $items, $langcode = NUL */ function format_rss_item($title, $link, $description, $args = array()) { $output = "<item>\n"; - $output .= ' <title>' . check_plain($title) . "</title>\n"; + $output .= ' <title>' . String::checkPlain($title) . "</title>\n"; $output .= ' <link>' . check_url($link) . "</link>\n"; - $output .= ' <description>' . check_plain($description) . "</description>\n"; + $output .= ' <description>' . String::checkPlain($description) . "</description>\n"; $output .= format_xml_elements($args); $output .= "</item>\n"; 
@@ -882,7 +883,7 @@ function format_xml_elements($array) { } if (isset($value['value']) && $value['value'] != '') { - $output .= '>' . (is_array($value['value']) ? format_xml_elements($value['value']) : check_plain($value['value'])) . '</' . $value['key'] . ">\n"; + $output .= '>' . (is_array($value['value']) ? format_xml_elements($value['value']) : String::checkPlain($value['value'])) . '</' . $value['key'] . ">\n"; } else { $output .= " />\n"; @@ -890,7 +891,7 @@ function format_xml_elements($array) { } } else { - $output .= ' <' . $key . '>' . (is_array($value) ? format_xml_elements($value) : check_plain($value)) . "</$key>\n"; + $output .= ' <' . $key . '>' . (is_array($value) ? format_xml_elements($value) : String::checkPlain($value)) . "</$key>\n"; } } return $output; @@ -1285,8 +1286,9 @@ function drupal_http_header_attributes(array $attributes = array()) { * The internal path or external URL being linked to, such as "node/34" or * "http://example.com/foo". After the url() function is called to construct * the URL from $path and $options, the resulting URL is passed through - * check_plain() before it is inserted into the HTML anchor tag, to ensure - * well-formed HTML. See url() for more information and notes. + * \Drupal\Component\Utility\String::checkPlain() before it is inserted into + * the HTML anchor tag, to ensure well-formed HTML. See url() for more + * information and notes. * @param array $options * An associative array of additional options. Defaults to an empty array. It * may contain the following elements. 
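Review bot: Only the element content is escaped in format_xml_elements(); the element names are concatenated raw on both changed lines, `'</' . $value['key'] . ">\n"` in this hunk and `' <' . $key . '>'` with `"</$key>\n"` in the next one. A key containing `>` or whitespace would yield malformed or injected markup in the feed. The docblock should state that keys must be trusted, developer-supplied names, or the function should reject keys that are not valid XML names before emitting them. The function body starts and ends outside both hunks, so any existing validation of the keys is not visible here.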
@@ -1379,10 +1381,10 @@ function l($text, $path, array $options = array()) { // The result of url() is a plain-text URL. Because we are using it here // in an HTML argument context, we need to encode it properly. - $url = check_plain(url($variables['path'], $variables['options'])); + $url = String::checkPlain(url($variables['path'], $variables['options'])); // Sanitize the link text if necessary. - $text = $variables['options']['html'] ? $variables['text'] : check_plain($variables['text']); + $text = $variables['options']['html'] ? $variables['text'] : String::checkPlain($variables['text']); return '<a href="' . $url . '"' . $attributes . '>' . $text . '</a>'; } @@ -1481,7 +1483,7 @@ function drupal_add_html_head_link($attributes, $header = FALSE) { if ($header) { // Also add a HTTP header "Link:". - $href = '<' . check_plain($attributes['href']) . '>;'; + $href = '<' . String::checkPlain($attributes['href']) . '>;'; unset($attributes['href']); $element['#attached']['drupal_add_http_header'][] = array('Link', $href . drupal_http_header_attributes($attributes), TRUE); } @@ -4864,7 +4866,7 @@ function _drupal_flush_css_js() { */ function debug($data, $label = NULL, $print_r = FALSE) { // Print $data contents to string. - $string = check_plain($print_r ? print_r($data, TRUE) : var_export($data, TRUE)); + $string = String::checkPlain($print_r ? print_r($data, TRUE) : var_export($data, TRUE)); // Display values with pre-formatting to increase readability. $string = '<pre>' . $string . '</pre>'; diff --git a/core/includes/errors.inc b/core/includes/errors.inc index 1639ba58967f1a587e52ea57924cb47a786b8976..b7c15b6d89e784163b93049da2ba712d6e4085a2 100644 --- a/core/includes/errors.inc +++ b/core/includes/errors.inc @@ -5,6 +5,7 @@ * Functions for error handling. */ +use Drupal\Component\Utility\String; use Symfony\Component\HttpFoundation\Response; /** 
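Review bot: The value built for the `Link:` HTTP header in drupal_add_html_head_link() is HTML-escaped, `$href = '<' . String::checkPlain($attributes['href']) . '>;';`, which is the wrong encoding for a header context. An `&` in a query string is sent as `&amp;` inside the header, and HTML escaping does not remove CR or LF characters; whether drupal_add_http_header() rejects line breaks is not visible in this hunk. Consider validating `href` as a URI without line breaks for the header copy and keeping HTML escaping only for the tag. At minimum add a comment such as `// Header context: HTML escaping is kept for backwards compatibility and does not guard against line breaks.`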
@@ -117,7 +118,7 @@ function _drupal_decode_exception($exception) { '%type' => get_class($exception), // The standard PHP exception handler considers that the exception message // is plain-text. We mimick this behavior here. - '!message' => check_plain($message), + '!message' => String::checkPlain($message), '%function' => $caller['function'], '%file' => $caller['file'], '%line' => $caller['line'], @@ -138,7 +139,7 @@ function _drupal_decode_exception($exception) { function _drupal_render_exception_safe($exception) { $decode = _drupal_decode_exception($exception); unset($decode['backtrace']); - return check_plain(strtr('%type: !message in %function (line %line of %file).', $decode)); + return String::checkPlain(strtr('%type: !message in %function (line %line of %file).', $decode)); } /** diff --git a/core/includes/file.inc b/core/includes/file.inc index 788f213018244f384264c46c10790880bbfbc890..f1833f2b2b108fce6fb5b490783a9da8bec3e105 100644 --- a/core/includes/file.inc +++ b/core/includes/file.inc @@ -7,6 +7,7 @@ use Drupal\Core\StreamWrapper\LocalStream; use Drupal\Component\PhpStorage\MTimeProtectedFastFileStorage; +use Drupal\Component\Utility\String; use Drupal\Core\StreamWrapper\PublicStream; /** @@ -561,7 +562,7 @@ function file_save_htaccess($directory, $private = TRUE) { drupal_chmod($htaccess_path, 0444); } else { - $variables = array('%directory' => $directory, '!htaccess' => '<br />' . nl2br(check_plain($htaccess_lines))); + $variables = array('%directory' => $directory, '!htaccess' => '<br />' . nl2br(String::checkPlain($htaccess_lines))); watchdog('security', "Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines: <code>!htaccess</code>", $variables, WATCHDOG_ERROR); } } diff --git a/core/includes/form.inc b/core/includes/form.inc index 77443ad8b410bb77ef9f81cac1d87c733e52d8e1..29b6c2dcc954842a76e0eaca6ac391efd7466380 100644 --- a/core/includes/form.inc 
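Review bot: The exception message is escaped twice in _drupal_render_exception_safe(). _drupal_decode_exception() already stores `'!message' => String::checkPlain($message)` (previous hunk), and the whole `strtr()` result is then passed through `String::checkPlain()` again, so a message containing `<` is rendered as `&amp;lt;`. That is safe but garbles the text shown to the user. If the outer call is kept because the decoder does not escape %type, %function and %file, say so in a comment, for example `// Escapes %type, %function and %file; !message is already escaped and gets encoded twice.`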
+++ b/core/includes/form.inc @@ -7,6 +7,7 @@ use Drupal\Component\Utility\Crypt; use Drupal\Component\Utility\NestedArray; +use Drupal\Component\Utility\String; use Drupal\Core\Form\FormInterface; use Drupal\Core\Form\BaseFormIdInterface; use Drupal\Core\Database\Database; @@ -2824,7 +2825,7 @@ function form_select_options($element, $choices = NULL) { else { $selected = ''; } - $options .= '<option value="' . check_plain($key) . '"' . $selected . '>' . check_plain($choice) . '</option>'; + $options .= '<option value="' . String::checkPlain($key) . '"' . $selected . '>' . String::checkPlain($choice) . '</option>'; } } return $options; @@ -4569,7 +4570,7 @@ function theme_textarea($variables) { } $output = '<div' . new Attribute($wrapper_attributes) . '>'; - $output .= '<textarea' . new Attribute($element['#attributes']) . '>' . check_plain($element['#value']) . '</textarea>'; + $output .= '<textarea' . new Attribute($element['#attributes']) . '>' . String::checkPlain($element['#value']) . '</textarea>'; $output .= '</div>'; return $output; } @@ -4932,9 +4933,9 @@ function _drupal_form_send_response(Response $response) { * Note: if the batch 'title', 'init_message', 'progress_message', or * 'error_message' could contain any user input, it is the responsibility of * the code calling batch_set() to sanitize them first with a function like - * check_plain() or filter_xss(). Furthermore, if the batch operation - * returns any user input in the 'results' or 'message' keys of $context, - * it must also sanitize them first. + * \Drupal\Component\Utility\String::checkPlain() or filter_xss(). Furthermore, + * if the batch operation returns any user input in the 'results' or 'message' + * keys of $context, it must also sanitize them first. * * Sample batch operations: * @code 
@@ -4958,8 +4959,8 @@ function _drupal_form_send_response(Response $response) { * * $nodes = entity_load_multiple_by_properties('node', array('uid' => $uid, 'type' => $type)); * $node = reset($nodes); - * $context['results'][] = $node->id() . ' : ' . check_plain($node->label()); - * $context['message'] = check_plain($node->label()); + * $context['results'][] = $node->id() . ' : ' . String::checkPlain($node->label()); + * $context['message'] = String::checkPlain($node->label()); * } * * // A more advanced example is a multi-step operation that loads all rows, @@ -4978,10 +4979,10 @@ function _drupal_form_send_response(Response $response) { * ->range(0, $limit) * ->execute(); * foreach ($result as $row) { - * $context['results'][] = $row->id . ' : ' . check_plain($row->title); + * $context['results'][] = $row->id . ' : ' . String:checkPlain($row->title); * $context['sandbox']['progress']++; * $context['sandbox']['current_id'] = $row->id; - * $context['message'] = check_plain($row->title); + * $context['message'] = String:checkPlain($row->title); * } * if ($context['sandbox']['progress'] != $context['sandbox']['max']) { * $context['finished'] = $context['sandbox']['progress'] / $context['sandbox']['max']; diff --git a/core/includes/menu.inc b/core/includes/menu.inc index 5eac9151a186006dbdfde0d76fb43925b771a976..88dc5b8cc0e336f329ce3333c66cae404e92c49c 100644 --- a/core/includes/menu.inc +++ b/core/includes/menu.inc @@ -6,6 +6,7 @@ */ use Drupal\Component\Utility\NestedArray; +use Drupal\Component\Utility\String; use Drupal\Core\Cache\CacheBackendInterface; use Drupal\Core\Language\Language; use Drupal\Core\Routing\RequestHelper; 
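Review bot: The second batch sample in this docblock writes the call with a single colon, `String:checkPlain($row->title)`, on both changed lines of the `@@ -4978,10 +4979,10 @@` hunk. That is not valid PHP in this position, so anyone copying the example gets a parse error instead of an escaped title. Both lines should read `String::checkPlain($row->title)`, matching the first sample in the previous hunk. The docblock starts and ends outside the hunk.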
@@ -1728,10 +1729,10 @@ function theme_menu_local_task($variables) { // Add text to indicate active tab for non-visual users. $active = '<span class="visually-hidden">' . t('(active tab)') . '</span>'; - // If the link does not contain HTML already, check_plain() it now. + // If the link does not contain HTML already, String::checkPlain() it now. // After we set 'html'=TRUE the link will not be sanitized by l(). if (empty($link['localized_options']['html'])) { - $link['title'] = check_plain($link['title']); + $link['title'] = String::checkPlain($link['title']); } $link['localized_options']['html'] = TRUE; $link_text = t('!local-task-title!active', array('!local-task-title' => $link['title'], '!active' => $active)); diff --git a/core/includes/schema.inc b/core/includes/schema.inc index 6563621c54717a32d09c2b7646b797031f66f4cf..725d75fbbcc8587bd69e767e6388d8f923f21069 100644 --- a/core/includes/schema.inc +++ b/core/includes/schema.inc @@ -232,7 +232,8 @@ function drupal_install_schema($module) { * @return array * An array of arrays with the following key/value pairs: * - success: a boolean indicating whether the query succeeded. - * - query: the SQL query(s) executed, passed through check_plain(). + * - query: the SQL query(s) executed, passed through + * \Drupal\Component\Utility\String::checkPlain(). */ function drupal_uninstall_schema($module) { $schema = drupal_get_schema_unprocessed($module); diff --git a/core/includes/theme.inc b/core/includes/theme.inc index c77ddd0a88880d167e3796d1c03d73b11cee336d..e6403cfd7baf104c40273d93449b6834ca152fa3 100644 --- a/core/includes/theme.inc +++ b/core/includes/theme.inc 
@@ -1616,7 +1616,8 @@ function template_preprocess_status_messages(&$variables) { * - href: The link URL. If omitted, the 'title' is shown as a plain text * item in the links list. * - html: (optional) Whether or not 'title' is HTML. If set, the title - * will not be passed through check_plain(). + * will not be passed through + * \Drupal\Component\Utility\String::checkPlain(). * - attributes: (optional) Attributes for the anchor, or for the <span> * tag used in its place if no 'href' is supplied. If element 'class' is * included, it must be an array of one or more class names. @@ -1666,7 +1667,7 @@ function theme_links($variables) { } $output .= '<' . $heading['level'] . new Attribute($heading['attributes']) . '>'; - $output .= check_plain($heading['text']); + $output .= String::checkPlain($heading['text']); $output .= '</' . $heading['level'] . '>'; } @@ -1721,7 +1722,7 @@ function theme_links($variables) { $link += array( 'html' => FALSE, ); - $item = ($link['html'] ? $link['title'] : check_plain($link['title'])); + $item = ($link['html'] ? $link['title'] : String::checkPlain($link['title'])); if (isset($link['attributes'])) { $item = '<span' . new Attribute($link['attributes']) . '>' . $item . '</span>'; } @@ -2567,11 +2568,11 @@ function template_preprocess_html(&$variables) { elseif (drupal_get_title()) { $head_title = array( 'title' => strip_tags(drupal_get_title()), - 'name' => check_plain($site_config->get('name')), + 'name' => String::checkPlain($site_config->get('name')), ); } else { - $head_title = array('name' => check_plain($site_config->get('name'))); + $head_title = array('name' => String::checkPlain($site_config->get('name'))); if ($site_config->get('slogan')) { $head_title['slogan'] = strip_tags(filter_xss_admin($site_config->get('slogan'))); } 
@@ -2679,7 +2680,7 @@ function template_preprocess_page(&$variables) { $variables['main_menu'] = theme_get_setting('features.main_menu') ? menu_main_menu() : array(); $variables['secondary_menu'] = theme_get_setting('features.secondary_menu') ? menu_secondary_menu() : array(); $variables['action_links'] = menu_get_local_actions(); - $variables['site_name'] = (theme_get_setting('features.name') ? check_plain($site_config->get('name')) : ''); + $variables['site_name'] = (theme_get_setting('features.name') ? String::checkPlain($site_config->get('name')) : ''); $variables['site_slogan'] = (theme_get_setting('features.slogan') ? filter_xss_admin($site_config->get('slogan')) : ''); $variables['tabs'] = menu_local_tabs(); @@ -2873,7 +2874,7 @@ function template_preprocess_maintenance_page(&$variables) { ); } else { - $head_title = array('name' => check_plain($site_name)); + $head_title = array('name' => String::checkPlain($site_name)); if ($site_slogan) { $head_title['slogan'] = strip_tags(filter_xss_admin($site_slogan)); } @@ -2907,7 +2908,7 @@ function template_preprocess_maintenance_page(&$variables) { $variables['messages'] = $variables['show_messages'] ? theme('status_messages') : ''; $variables['main_menu'] = array(); $variables['secondary_menu'] = array(); - $variables['site_name'] = (theme_get_setting('features.name') ? check_plain($site_name) : ''); + $variables['site_name'] = (theme_get_setting('features.name') ? String::checkPlain($site_name) : ''); $variables['site_slogan'] = (theme_get_setting('features.slogan') ? filter_xss_admin($site_slogan) : ''); $variables['tabs'] = ''; diff --git a/core/includes/update.inc b/core/includes/update.inc index 0ae9b99d3c3861d5a5be1813c815026865da5c31..cac6ecf1d8aa4a857140346237d3965a69abd161 100644 --- a/core/includes/update.inc +++ b/core/includes/update.inc 
@@ -10,6 +10,7 @@ use Drupal\Component\Graph\Graph; use Drupal\Component\Utility\Settings; +use Drupal\Component\Utility\String; use Drupal\Core\Config\FileStorage; use Drupal\Core\Config\ConfigException; use Drupal\Core\DrupalKernel; @@ -813,7 +814,9 @@ function update_do_one($module, $number, $dependency_map, &$context) { require_once __DIR__ . '/errors.inc'; $variables = _drupal_decode_exception($e); unset($variables['backtrace']); - // The exception message is run through check_plain() by _drupal_decode_exception(). + // The exception message is run through + // \Drupal\Component\Utility\String::checkPlain() by + // _drupal_decode_exception(). $ret['#abort'] = array('success' => FALSE, 'query' => t('%type: !message in %function (line %line of %file).', $variables)); } } @@ -841,7 +844,7 @@ function update_do_one($module, $number, $dependency_map, &$context) { drupal_set_installed_schema_version($module, $number); } - $context['message'] = 'Updating ' . check_plain($module) . ' module'; + $context['message'] = 'Updating ' . String::checkPlain($module) . ' module'; } /**