.-.-.-.-.-

/**
 * Container for storing shortcode tags and their hook to call for the shortcode.
 *
 * @since 2.5.0
 *
 * @name $shortcode_tags
 * @var array
 * @global array $shortcode_tags
 */
$shortcode_tags = array();

/**
 * Adds a new shortcode.
 *
 * Care should be taken through prefixing or other means to ensure that the
 * shortcode tag being added is unique and will not conflict with other,
 * already-added shortcode tags. In the event of a duplicated tag, the tag
 * loaded last will take precedence.
 *
 * @since 2.5.0
 *
 * @global array $shortcode_tags
 *
 * @param string   $tag      Shortcode tag to be searched in post content.
 * @param callable $callback The callback function to run when the shortcode is found.
 *                           Every shortcode callback is passed three parameters by default,
 *                           including an array of attributes (`$atts`), the shortcode content
 *                           or null if not set (`$content`), and finally the shortcode tag
 *                           itself (`$shortcode_tag`), in that order.
 */
function add_shortcode( $tag, $callback ) {
	global $shortcode_tags;

if ( '' === trim( $tag ) ) {
		_doing_it_wrong(
			__FUNCTION__,
			__( 'Invalid shortcode name: Empty name given.' ),
			'4.4.0'
		);
		return;
	}

if ( 0 !== preg_match( '@[<>&/\[\]\x00-\x20=]@', $tag ) ) {
		_doing_it_wrong(
			__FUNCTION__,
			sprintf(
				/* translators: 1: Shortcode name, 2: Space-separated list of reserved characters. */
				__( 'Invalid shortcode name: %1$s. Do not use spaces or reserved characters: %2$s' ),
				$tag,
				'& / < > [ ] ='
			),
			'4.4.0'
		);
		return;
	}

$shortcode_tags[ $tag ] = $callback;
}

/**
 * Removes hook for shortcode.
 *
 * @since 2.5.0
 *
 * @global array $shortcode_tags
 *
 * @param string $tag Shortcode tag to remove hook for.
 */
function remove_shortcode( $tag ) {
	global $shortcode_tags;

unset( $shortcode_tags[ $tag ] );
}

/**
 * Clears all shortcodes.
 *
 * This function clears all of the shortcode tags by replacing the shortcodes global with
 * an empty array. This is actually an efficient method for removing all shortcodes.
 *
 * @since 2.5.0
 *
 * @global array $shortcode_tags
 */
function remove_all_shortcodes() {
	global $shortcode_tags;

$shortcode_tags = array();
}

/**
 * Determines whether a registered shortcode exists named $tag.
 *
 * @since 3.6.0
 *
 * @global array $shortcode_tags List of shortcode tags and their callback hooks.
 *
 * @param string $tag Shortcode tag to check.
 * @return bool Whether the given shortcode exists.
 */
function shortcode_exists( $tag ) {
	global $shortcode_tags;
	return array_key_exists( $tag, $shortcode_tags );
}

/**
 * Determines whether the passed content contains the specified shortcode.
 *
 * @since 3.6.0
 *
 * @global array $shortcode_tags
 *
 * @param string $content Content to search for shortcodes.
 * @param string $tag     Shortcode tag to check.
 * @return bool Whether the passed content contains the given shortcode.
 */
function has_shortcode( $content, $tag ) {
	if ( ! str_contains( $content, '[' ) ) {
		return false;
	}

if ( shortcode_exists( $tag ) ) {
		preg_match_all( '/' . get_shortcode_regex() . '/', $content, $matches, PREG_SET_ORDER );
		if ( empty( $matches ) ) {
			return false;
		}

foreach ( $matches as $shortcode ) {
			if ( $tag === $shortcode[2] ) {
				return true;
			} elseif ( ! empty( $shortcode[5] ) && has_shortcode( $shortcode[5], $tag ) ) {
				return true;
			}
		}
	}
	return false;
}

/**
 * Returns a list of registered shortcode names found in the given content.
 *
 * Example usage:
 *
 *     get_shortcode_tags_in_content( '[audio src="file.mp3"][/audio] [foo] [gallery ids="1,2,3"]' );
 *     // array( 'audio', 'gallery' )
 *
 * @since 6.3.2
 *
 * @param string $content The content to check.
 * @return string[] An array of registered shortcode names found in the content.
 */
function get_shortcode_tags_in_content( $content ) {
	if ( false === strpos( $content, '[' ) ) {
		return array();
	}

preg_match_all( '/' . get_shortcode_regex() . '/', $content, $matches, PREG_SET_ORDER );
	if ( empty( $matches ) ) {
		return array();
	}

$tags = array();
	foreach ( $matches as $shortcode ) {
		$tags[] = $shortcode[2];

if ( ! empty( $shortcode[5] ) ) {
			$deep_tags = get_shortcode_tags_in_content( $shortcode[5] );
			if ( ! empty( $deep_tags ) ) {
				$tags = array_merge( $tags, $deep_tags );
			}
		}
	}

return $tags;
}

/**
 * Searches content for shortcodes and filter shortcodes through their hooks.
 *
 * This function is an alias for do_shortcode().
 *
 * @since 5.4.0
 *
 * @see do_shortcode()
 *
 * @param string $content     Content to search for shortcodes.
 * @param bool   $ignore_html When true, shortcodes inside HTML elements will be skipped.
 *                            Default false.
 * @return string Content with shortcodes filtered out.
 */
function apply_shortcodes( $content, $ignore_html = false ) {
	return do_shortcode( $content, $ignore_html );
}

/**
 * Searches content for shortcodes and filter shortcodes through their hooks.
 *
 * If there are no shortcode tags defined, then the content will be returned
 * without any filtering. This might cause issues when plugins are disabled but
 * the shortcode will still show up in the post or content.
 *
 * @since 2.5.0
 *
 * @global array $shortcode_tags List of shortcode tags and their callback hooks.
 *
 * @param string $content     Content to search for shortcodes.
 * @param bool   $ignore_html When true, shortcodes inside HTML elements will be skipped.
 *                            Default false.
 * @return string Content with shortcodes filtered out.
 */
function do_shortcode( $content, $ignore_html = false ) {
	global $shortcode_tags;

if ( ! str_contains( $content, '[' ) ) {
		return $content;
	}

if ( empty( $shortcode_tags ) || ! is_array( $shortcode_tags ) ) {
		return $content;
	}

// Find all registered tag names in $content.
	preg_match_all( '@\[([^<>&/\[\]\x00-\x20=]++)@', $content, $matches );
	$tagnames = array_intersect( array_keys( $shortcode_tags ), $matches[1] );

if ( empty( $tagnames ) ) {
		return $content;
	}

// Ensure this context is only added once if shortcodes are nested.
	$has_filter   = has_filter( 'wp_get_attachment_image_context', '_filter_do_shortcode_context' );
	$filter_added = false;

if ( ! $has_filter ) {
		$filter_added = add_filter( 'wp_get_attachment_image_context', '_filter_do_shortcode_context' );
	}

$content = do_shortcodes_in_html_tags( $content, $ignore_html, $tagnames );

$pattern = get_shortcode_regex( $tagnames );
	$content = preg_replace_callback( "/$pattern/", 'do_shortcode_tag', $content );

// Always restore square braces so we don't break things like <!--[if IE ]>.
	$content = unescape_invalid_shortcodes( $content );

// Only remove the filter if it was added in this scope.
	if ( $filter_added ) {
		remove_filter( 'wp_get_attachment_image_context', '_filter_do_shortcode_context' );
	}

return $content;
}

/**
 * Filter the `wp_get_attachment_image_context` hook during shortcode rendering.
 *
 * When wp_get_attachment_image() is called during shortcode rendering, we need to make clear
 * that the context is a shortcode and not part of the theme's template rendering logic.
 *
 * @since 6.3.0
 * @access private
 *
 * @return string The filtered context value for wp_get_attachment_images when doing shortcodes.
 */
function _filter_do_shortcode_context() {
	return 'do_shortcode';
}

/**
 * Retrieves the shortcode regular expression for searching.
 *
 * The regular expression combines the shortcode tags in the regular expression
 * in a regex class.
 *
 * The regular expression contains 6 different sub matches to help with parsing.
 *
 * 1 - An extra [ to allow for escaping shortcodes with double [[]]
 * 2 - The shortcode name
 * 3 - The shortcode argument list
 * 4 - The self closing /
 * 5 - The content of a shortcode when it wraps some content.
 * 6 - An extra ] to allow for escaping shortcodes with double [[]]
 *
 * @since 2.5.0
 * @since 4.4.0 Added the `$tagnames` parameter.
 *
 * @global array $shortcode_tags
 *
 * @param array $tagnames Optional. List of shortcodes to find. Defaults to all registered shortcodes.
 * @return string The shortcode search regular expression
 */
function get_shortcode_regex( $tagnames = null ) {
	global $shortcode_tags;

if ( empty( $tagnames ) ) {
		$tagnames = array_keys( $shortcode_tags );
	}
	$tagregexp = implode( '|', array_map( 'preg_quote', $tagnames ) );

/*
	 * WARNING! Do not change this regex without changing do_shortcode_tag() and strip_shortcode_tag().
	 * Also, see shortcode_unautop() and shortcode.js.
	 */

// phpcs:disable Squiz.Strings.ConcatenationSpacing.PaddingFound -- don't remove regex indentation
	return '\\['                             // Opening bracket.
		. '(\\[?)'                           // 1: Optional second opening bracket for escaping shortcodes: [[tag]].
		. "($tagregexp)"                     // 2: Shortcode name.
		. '(?![\\w-])'                       // Not followed by word character or hyphen.
		. '('                                // 3: Unroll the loop: Inside the opening shortcode tag.
		.     '[^\\]\\/]*'                   // Not a closing bracket or forward slash.
		.     '(?:'
		.         '\\/(?!\\])'               // A forward slash not followed by a closing bracket.
		.         '[^\\]\\/]*'               // Not a closing bracket or forward slash.
		.     ')*?'
		. ')'
		. '(?:'
		.     '(\\/)'                        // 4: Self closing tag...
		.     '\\]'                          // ...and closing bracket.
		. '|'
		.     '\\]'                          // Closing bracket.
		.     '(?:'
		.         '('                        // 5: Unroll the loop: Optionally, anything between the opening and closing shortcode tags.
		.             '[^\\[]*+'             // Not an opening bracket.
		.             '(?:'
		.                 '\\[(?!\\/\\2\\])' // An opening bracket not followed by the closing shortcode tag.
		.                 '[^\\[]*+'         // Not an opening bracket.
		.             ')*+'
		.         ')'
		.         '\\[\\/\\2\\]'             // Closing shortcode tag.
		.     ')?'
		. ')'
		. '(\\]?)';                          // 6: Optional second closing bracket for escaping shortcodes: [[tag]].
	// phpcs:enable
}

/**
 * Regular Expression callable for do_shortcode() for calling shortcode hook.
 *
 * @see get_shortcode_regex() for details of the match array contents.
 *
 * @since 2.5.0
 * @access private
 *
 * @global array $shortcode_tags
 *
 * @param array $m {
 *     Regular expression match array.
 *
 *     @type string $0 Entire matched shortcode text.
 *     @type string $1 Optional second opening bracket for escaping shortcodes.
 *     @type string $2 Shortcode name.
 *     @type string $3 Shortcode arguments list.
 *     @type string $4 Optional self closing slash.
 *     @type string $5 Content of a shortcode when it wraps some content.
 *     @type string $6 Optional second closing bracket for escaping shortcodes.
 * }
 * @return string Shortcode output.
 */
function do_shortcode_tag( $m ) {
	global $shortcode_tags;

// Allow [[foo]] syntax for escaping a tag.
	if ( '[' === $m[1] && ']' === $m[6] ) {
		return substr( $m[0], 1, -1 );
	}

$tag  = $m[2];
	$attr = shortcode_parse_atts( $m[3] );

if ( ! is_callable( $shortcode_tags[ $tag ] ) ) {
		_doing_it_wrong(
			__FUNCTION__,
			/* translators: %s: Shortcode tag. */
			sprintf( __( 'Attempting to parse a shortcode without a valid callback: %s' ), $tag ),
			'4.3.0'
		);
		return $m[0];
	}

/**
	 * Filters whether to call a shortcode callback.
	 *
	 * Returning a non-false value from filter will short-circuit the
	 * shortcode generation process, returning that value instead.
	 *
	 * @since 4.7.0
	 * @since 6.5.0 The `$attr` parameter is always an array.
	 *
	 * @param false|string $output Short-circuit return value. Either false or the value to replace the shortcode with.
	 * @param string       $tag    Shortcode name.
	 * @param array        $attr   Shortcode attributes array, can be empty if the original arguments string cannot be parsed.
	 * @param array        $m      Regular expression match array.
	 */
	$return = apply_filters( 'pre_do_shortcode_tag', false, $tag, $attr, $m );
	if ( false !== $return ) {
		return $return;
	}

$content = isset( $m[5] ) ? $m[5] : null;

$output = $m[1] . call_user_func( $shortcode_tags[ $tag ], $attr, $content, $tag ) . $m[6];

/**
	 * Filters the output created by a shortcode callback.
	 *
	 * @since 4.7.0
	 * @since 6.5.0 The `$attr` parameter is always an array.
	 *
	 * @param string $output Shortcode output.
	 * @param string $tag    Shortcode name.
	 * @param array  $attr   Shortcode attributes array, can be empty if the original arguments string cannot be parsed.
	 * @param array  $m      Regular expression match array.
	 */
	return apply_filters( 'do_shortcode_tag', $output, $tag, $attr, $m );
}

/**
 * Searches only inside HTML elements for shortcodes and process them.
 *
 * Any [ or ] characters remaining inside elements will be HTML encoded
 * to prevent interference with shortcodes that are outside the elements.
 * Assumes $content processed by KSES already.  Users with unfiltered_html
 * capability may get unexpected output if angle braces are nested in tags.
 *
 * @since 4.2.3
 *
 * @param string $content     Content to search for shortcodes.
 * @param bool   $ignore_html When true, all square braces inside elements will be encoded.
 * @param array  $tagnames    List of shortcodes to find.
 * @return string Content with shortcodes filtered out.
 */
function do_shortcodes_in_html_tags( $content, $ignore_html, $tagnames ) {
	// Normalize entities in unfiltered HTML before adding placeholders.
	$trans   = array(
		'&#91;' => '&#091;',
		'&#93;' => '&#093;',
	);
	$content = strtr( $content, $trans );
	$trans   = array(
		'[' => '&#91;',
		']' => '&#93;',
	);

$pattern = get_shortcode_regex( $tagnames );
	$textarr = wp_html_split( $content );

foreach ( $textarr as &$element ) {
		if ( '' === $element || '<' !== $element[0] ) {
			continue;
		}

$noopen  = ! str_contains( $element, '[' );
		$noclose = ! str_contains( $element, ']' );
		if ( $noopen || $noclose ) {
			// This element does not contain shortcodes.
			if ( $noopen xor $noclose ) {
				// Need to encode stray '[' or ']' chars.
				$element = strtr( $element, $trans );
			}
			continue;
		}

if ( $ignore_html || str_starts_with( $element, '<!--' ) || str_starts_with( $element, '<![CDATA[' ) ) {
			// Encode all '[' and ']' chars.
			$element = strtr( $element, $trans );
			continue;
		}

$attributes = wp_kses_attr_parse( $element );
		if ( false === $attributes ) {
			// Some plugins are doing things like [name] <[email]>.
			if ( 1 === preg_match( '%^<\s*\[\[?[^\[\]]+\]%', $element ) ) {
				$element = preg_replace_callback( "/$pattern/", 'do_shortcode_tag', $element );
			}

// Looks like we found some unexpected unfiltered HTML. Skipping it for confidence.
			$element = strtr( $element, $trans );
			continue;
		}

// Get element name.
		$front   = array_shift( $attributes );
		$back    = array_pop( $attributes );
		$matches = array();
		preg_match( '%[a-zA-Z0-9]+%', $front, $matches );
		$elname = $matches[0];

// Look for shortcodes in each attribute separately.
		foreach ( $attributes as &$attr ) {
			$open  = strpos( $attr, '[' );
			$close = strpos( $attr, ']' );
			if ( false === $open || false === $close ) {
				continue; // Go to next attribute. Square braces will be escaped at end of loop.
			}
			$double = strpos( $attr, '"' );
			$single = strpos( $attr, "'" );
			if ( ( false === $single || $open < $single ) && ( false === $double || $open < $double ) ) {
				/*
				 * $attr like '[shortcode]' or 'name = [shortcode]' implies unfiltered_html.
				 * In this specific situation we assume KSES did not run because the input
				 * was written by an administrator, so we should avoid changing the output
				 * and we do not need to run KSES here.
				 */
				$attr = preg_replace_callback( "/$pattern/", 'do_shortcode_tag', $attr );
			} else {
				/*
				 * $attr like 'name = "[shortcode]"' or "name = '[shortcode]'".
				 * We do not know if $content was unfiltered. Assume KSES ran before shortcodes.
				 */
				$count    = 0;
				$new_attr = preg_replace_callback( "/$pattern/", 'do_shortcode_tag', $attr, -1, $count );
				if ( $count > 0 ) {
					// Sanitize the shortcode output using KSES.
					$new_attr = wp_kses_one_attr( $new_attr, $elname );
					if ( '' !== trim( $new_attr ) ) {
						// The shortcode is safe to use now.
						$attr = $new_attr;
					}
				}
			}
		}
		$element = $front . implode( '', $attributes ) . $back;

// Now encode any remaining '[' or ']' chars.
		$element = strtr( $element, $trans );
	}

$content = implode( '', $textarr );

return $content;
}

/**
 * Removes placeholders added by do_shortcodes_in_html_tags().
 *
 * @since 4.2.3
 *
 * @param string $content Content to search for placeholders.
 * @return string Content with placeholders removed.
 */
function unescape_invalid_shortcodes( $content ) {
	// Clean up entire string, avoids re-parsing HTML.
	$trans = array(
		'&#91;' => '[',
		'&#93;' => ']',
	);

$content = strtr( $content, $trans );

return $content;
}

/**
 * Retrieves the shortcode attributes regex.
 *
 * @since 4.4.0
 *
 * @return string The shortcode attribute regular expression.
 */
function get_shortcode_atts_regex() {
	return '/([\w-]+)\s*=\s*"([^"]*)"(?:\s|$)|([\w-]+)\s*=\s*\'([^\']*)\'(?:\s|$)|([\w-]+)\s*=\s*([^\s\'"]+)(?:\s|$)|"([^"]*)"(?:\s|$)|\'([^\']*)\'(?:\s|$)|(\S+)(?:\s|$)/';
}

/**
 * Retrieves all attributes from the shortcodes tag.
 *
 * The attributes list has the attribute name as the key and the value of the
 * attribute as the value in the key/value pair. This allows for easier
 * retrieval of the attributes, since all attributes have to be known.
 *
 * @since 2.5.0
 * @since 6.5.0 The function now always returns an array,
 *              even if the original arguments string cannot be parsed or is empty.
 *
 * @param string $text Shortcode arguments list.
 * @return array Array of attribute values keyed by attribute name.
 *               Returns empty array if there are no attributes
 *               or if the original arguments string cannot be parsed.
 */
function shortcode_parse_atts( $text ) {
	$atts    = array();
	$pattern = get_shortcode_atts_regex();
	$text    = preg_replace( "/[\x{00a0}\x{200b}]+/u", ' ', $text );
	if ( preg_match_all( $pattern, $text, $match, PREG_SET_ORDER ) ) {
		foreach ( $match as $m ) {
			if ( ! empty( $m[1] ) ) {
				$atts[ strtolower( $m[1] ) ] = stripcslashes( $m[2] );
			} elseif ( ! empty( $m[3] ) ) {
				$atts[ strtolower( $m[3] ) ] = stripcslashes( $m[4] );
			} elseif ( ! empty( $m[5] ) ) {
				$atts[ strtolower( $m[5] ) ] = stripcslashes( $m[6] );
			} elseif ( isset( $m[7] ) && strlen( $m[7] ) ) {
				$atts[] = stripcslashes( $m[7] );
			} elseif ( isset( $m[8] ) && strlen( $m[8] ) ) {
				$atts[] = stripcslashes( $m[8] );
			} elseif ( isset( $m[9] ) ) {
				$atts[] = stripcslashes( $m[9] );
			}
		}

// Reject any unclosed HTML elements.
		foreach ( $atts as &$value ) {
			if ( str_contains( $value, '<' ) ) {
				if ( 1 !== preg_match( '/^[^<]*+(?:<[^>]*+>[^<]*+)*+$/', $value ) ) {
					$value = '';
				}
			}
		}
	}

return $atts;
}

/**
 * Combines user attributes with known attributes and fill in defaults when needed.
 *
 * The pairs should be considered to be all of the attributes which are
 * supported by the caller and given as a list. The returned attributes will
 * only contain the attributes in the $pairs list.
 *
 * If the $atts list has unsupported attributes, then they will be ignored and
 * removed from the final returned list.
 *
 * @since 2.5.0
 *
 * @param array  $pairs     Entire list of supported attributes and their defaults.
 * @param array  $atts      User defined attributes in shortcode tag.
 * @param string $shortcode Optional. The name of the shortcode, provided for context to enable filtering
 * @return array Combined and filtered attribute list.
 */
function shortcode_atts( $pairs, $atts, $shortcode = '' ) {
	$atts = (array) $atts;
	$out  = array();
	foreach ( $pairs as $name => $default ) {
		if ( array_key_exists( $name, $atts ) ) {
			$out[ $name ] = $atts[ $name ];
		} else {
			$out[ $name ] = $default;
		}
	}

if ( $shortcode ) {
		/**
		 * Filters shortcode attributes.
		 *
		 * If the third parameter of the shortcode_atts() function is present then this filter is available.
		 * The third parameter, $shortcode, is the name of the shortcode.
		 *
		 * @since 3.6.0
		 * @since 4.4.0 Added the `$shortcode` parameter.
		 *
		 * @param array  $out       The output array of shortcode attributes.
		 * @param array  $pairs     The supported attributes and their defaults.
		 * @param array  $atts      The user defined shortcode attributes.
		 * @param string $shortcode The shortcode name.
		 */
		$out = apply_filters( "shortcode_atts_{$shortcode}", $out, $pairs, $atts, $shortcode );
	}

return $out;
}

/**
 * Removes all shortcode tags from the given content.
 *
 * @since 2.5.0
 *
 * @global array $shortcode_tags
 *
 * @param string $content Content to remove shortcode tags.
 * @return string Content without shortcode tags.
 */
function strip_shortcodes( $content ) {
	global $shortcode_tags;

if ( ! str_contains( $content, '[' ) ) {
		return $content;
	}

if ( empty( $shortcode_tags ) || ! is_array( $shortcode_tags ) ) {
		return $content;
	}

// Find all registered tag names in $content.
	preg_match_all( '@\[([^<>&/\[\]\x00-\x20=]++)@', $content, $matches );

$tags_to_remove = array_keys( $shortcode_tags );

/**
	 * Filters the list of shortcode tags to remove from the content.
	 *
	 * @since 4.7.0
	 *
	 * @param array  $tags_to_remove Array of shortcode tags to remove.
	 * @param string $content        Content shortcodes are being removed from.
	 */
	$tags_to_remove = apply_filters( 'strip_shortcodes_tagnames', $tags_to_remove, $content );

$tagnames = array_intersect( $tags_to_remove, $matches[1] );

if ( empty( $tagnames ) ) {
		return $content;
	}

$content = do_shortcodes_in_html_tags( $content, true, $tagnames );

$pattern = get_shortcode_regex( $tagnames );
	$content = preg_replace_callback( "/$pattern/", 'strip_shortcode_tag', $content );

// Always restore square braces so we don't break things like <!--[if IE ]>.
	$content = unescape_invalid_shortcodes( $content );

return $content;
}

/**
 * Strips a shortcode tag based on RegEx matches against post content.
 *
 * @since 3.3.0
 *
 * @param array $m RegEx matches against post content.
 * @return string|false The content stripped of the tag, otherwise false.
 */
function strip_shortcode_tag( $m ) {
	// Allow [[foo]] syntax for escaping a tag.
	if ( '[' === $m[1] && ']' === $m[6] ) {
		return substr( $m[0], 1, -1 );
	}

return $m[1] . $m[6];
}

/home/servlmvm/www/wp-admin/../wp-includes/shortcodes.php

<?php
/**
* WordPress API for creating bbcode-like tags or what WordPress calls
* "shortcodes". The tag and attribute parsing or regular expression code is
* based on the Textpattern tag parser.
*
* A few examples are below:
*
* [shortcode /]
* [shortcode foo="bar" baz="bing" /]
* [shortcode foo="bar"]content[/shortcode]
*
* Shortcode tags support attributes and enclosed content, but does not entirely
* support inline shortcodes in other shortcodes. You will have to call the
* shortcode parser in your function to account for that.
*
* {@internal
* Please be aware that the above note was made during the beta of WordPress 2.6
* and in the future may not be accurate. Please update the note when it is no
* longer the case.}}
*
* To apply shortcode tags to content:
*
* $out = do_shortcode( $content );
*
* @link https://developer.wordpress.org/plugins/shortcodes/
*
* @package WordPress
* @subpackage Shortcodes
* @since 2.5.0
*/

/**
* Container for storing shortcode tags and their hook to call for the shortcode.
*
* @since 2.5.0
*
* @name $shortcode_tags
* @var array
* @global array $shortcode_tags
*/
$shortcode_tags = array();

/**
* Adds a new shortcode.
*
* Care should be taken through prefixing or other means to ensure that the
* shortcode tag being added is unique and will not conflict with other,
* already-added shortcode tags. In the event of a duplicated tag, the tag
* loaded last will take precedence.
*
* @since 2.5.0
*
* @global array $shortcode_tags
*
* @param string $tag Shortcode tag to be searched in post content.
* @param callable $callback The callback function to run when the shortcode is found.
* Every shortcode callback is passed three parameters by default,
* including an array of attributes (`$atts`), the shortcode content
* or null if not set (`$content`), and finally the shortcode tag
* itself (`$shortcode_tag`), in that order.
*/
function add_shortcode( $tag, $callback ) {
global $shortcode_tags;

if ( '' === trim( $tag ) ) {
_doing_it_wrong(
__FUNCTION__,
__( 'Invalid shortcode name: Empty name given.' ),
'4.4.0'
);
return;
}

if ( 0 !== preg_match( '@[<>&/\[\]\x00-\x20=]@', $tag ) ) {
_doing_it_wrong(
__FUNCTION__,
sprintf(
/* translators: 1: Shortcode name, 2: Space-separated list of reserved characters. */
__( 'Invalid shortcode name: %1$s. Do not use spaces or reserved characters: %2$s' ),
$tag,
'& / < > [ ] ='
),
'4.4.0'
);
return;
}

$shortcode_tags[ $tag ] = $callback;
}

/**
* Removes hook for shortcode.
*
* @since 2.5.0
*
* @global array $shortcode_tags
*
* @param string $tag Shortcode tag to remove hook for.
*/
function remove_shortcode( $tag ) {
global $shortcode_tags;

unset( $shortcode_tags[ $tag ] );
}

/**
* Clears all shortcodes.
*
* This function clears all of the shortcode tags by replacing the shortcodes global with
* an empty array. This is actually an efficient method for removing all shortcodes.
*
* @since 2.5.0
*
* @global array $shortcode_tags
*/
function remove_all_shortcodes() {
global $shortcode_tags;

$shortcode_tags = array();
}

/**
* Determines whether a registered shortcode exists named $tag.
*
* @since 3.6.0
*
* @global array $shortcode_tags List of shortcode tags and their callback hooks.
*
* @param string $tag Shortcode tag to check.
* @return bool Whether the given shortcode exists.
*/
function shortcode_exists( $tag ) {
global $shortcode_tags;
return array_key_exists( $tag, $shortcode_tags );
}

/**
* Determines whether the passed content contains the specified shortcode.
*
* @since 3.6.0
*
* @global array $shortcode_tags
*
* @param string $content Content to search for shortcodes.
* @param string $tag Shortcode tag to check.
* @return bool Whether the passed content contains the given shortcode.
*/
function has_shortcode( $content, $tag ) {
if ( ! str_contains( $content, '[' ) ) {
return false;
}

if ( shortcode_exists( $tag ) ) {
preg_match_all( '/' . get_shortcode_regex() . '/', $content, $matches, PREG_SET_ORDER );
if ( empty( $matches ) ) {
return false;
}

foreach ( $matches as $shortcode ) {
if ( $tag === $shortcode[2] ) {
return true;
} elseif ( ! empty( $shortcode[5] ) && has_shortcode( $shortcode[5], $tag ) ) {
return true;
}
}
}
return false;
}

/**
* Returns a list of registered shortcode names found in the given content.
*
* Example usage:
*
* get_shortcode_tags_in_content( '[audio src="file.mp3"][/audio] [foo] [gallery ids="1,2,3"]' );
* // array( 'audio', 'gallery' )
*
* @since 6.3.2
*
* @param string $content The content to check.
* @return string[] An array of registered shortcode names found in the content.
*/
function get_shortcode_tags_in_content( $content ) {
if ( false === strpos( $content, '[' ) ) {
return array();
}

preg_match_all( '/' . get_shortcode_regex() . '/', $content, $matches, PREG_SET_ORDER );
if ( empty( $matches ) ) {
return array();
}

$tags = array();
foreach ( $matches as $shortcode ) {
$tags[] = $shortcode[2];

if ( ! empty( $shortcode[5] ) ) {
$deep_tags = get_shortcode_tags_in_content( $shortcode[5] );
if ( ! empty( $deep_tags ) ) {
$tags = array_merge( $tags, $deep_tags );
}
}
}

return $tags;
}

/**
* Searches content for shortcodes and filter shortcodes through their hooks.
*
* This function is an alias for do_shortcode().
*
* @since 5.4.0
*
* @see do_shortcode()
*
* @param string $content Content to search for shortcodes.
* @param bool $ignore_html When true, shortcodes inside HTML elements will be skipped.
* Default false.
* @return string Content with shortcodes filtered out.
*/
function apply_shortcodes( $content, $ignore_html = false ) {
return do_shortcode( $content, $ignore_html );
}

/**
* Searches content for shortcodes and filter shortcodes through their hooks.
*
* If there are no shortcode tags defined, then the content will be returned
* without any filtering. This might cause issues when plugins are disabled but
* the shortcode will still show up in the post or content.
*
* @since 2.5.0
*
* @global array $shortcode_tags List of shortcode tags and their callback hooks.
*
* @param string $content Content to search for shortcodes.
* @param bool $ignore_html When true, shortcodes inside HTML elements will be skipped.
* Default false.
* @return string Content with shortcodes filtered out.
*/
function do_shortcode( $content, $ignore_html = false ) {
global $shortcode_tags;

if ( ! str_contains( $content, '[' ) ) {
return $content;
}

if ( empty( $shortcode_tags ) || ! is_array( $shortcode_tags ) ) {
return $content;
}

// Find all registered tag names in $content.
preg_match_all( '@\[([^<>&/\[\]\x00-\x20=]++)@', $content, $matches );
$tagnames = array_intersect( array_keys( $shortcode_tags ), $matches[1] );

if ( empty( $tagnames ) ) {
return $content;
}

// Ensure this context is only added once if shortcodes are nested.
$has_filter = has_filter( 'wp_get_attachment_image_context', '_filter_do_shortcode_context' );
$filter_added = false;

if ( ! $has_filter ) {
$filter_added = add_filter( 'wp_get_attachment_image_context', '_filter_do_shortcode_context' );
}

$content = do_shortcodes_in_html_tags( $content, $ignore_html, $tagnames );

$pattern = get_shortcode_regex( $tagnames );
$content = preg_replace_callback( "/$pattern/", 'do_shortcode_tag', $content );

// Always restore square braces so we don't break things like <!--[if IE ]>.
$content = unescape_invalid_shortcodes( $content );

// Only remove the filter if it was added in this scope.
if ( $filter_added ) {
remove_filter( 'wp_get_attachment_image_context', '_filter_do_shortcode_context' );
}

return $content;
}

/**
* Filter the `wp_get_attachment_image_context` hook during shortcode rendering.
*
* When wp_get_attachment_image() is called during shortcode rendering, we need to make clear
* that the context is a shortcode and not part of the theme's template rendering logic.
*
* @since 6.3.0
* @access private
*
* @return string The filtered context value for wp_get_attachment_images when doing shortcodes.
*/
function _filter_do_shortcode_context() {
return 'do_shortcode';
}

/**
* Retrieves the shortcode regular expression for searching.
*
* The regular expression combines the shortcode tags in the regular expression
* in a regex class.
*
* The regular expression contains 6 different sub matches to help with parsing.
*
* 1 - An extra [ to allow for escaping shortcodes with double [[]]
* 2 - The shortcode name
* 3 - The shortcode argument list
* 4 - The self closing /
* 5 - The content of a shortcode when it wraps some content.
* 6 - An extra ] to allow for escaping shortcodes with double [[]]
*
* @since 2.5.0
* @since 4.4.0 Added the `$tagnames` parameter.
*
* @global array $shortcode_tags
*
* @param array $tagnames Optional. List of shortcodes to find. Defaults to all registered shortcodes.
* @return string The shortcode search regular expression
*/
function get_shortcode_regex( $tagnames = null ) {
global $shortcode_tags;

if ( empty( $tagnames ) ) {
$tagnames = array_keys( $shortcode_tags );
}
$tagregexp = implode( '|', array_map( 'preg_quote', $tagnames ) );

/*
* WARNING! Do not change this regex without changing do_shortcode_tag() and strip_shortcode_tag().
* Also, see shortcode_unautop() and shortcode.js.
*/

// phpcs:disable Squiz.Strings.ConcatenationSpacing.PaddingFound -- don't remove regex indentation
return '\\[' // Opening bracket.
. '(\\[?)' // 1: Optional second opening bracket for escaping shortcodes: [[tag]].
. "($tagregexp)" // 2: Shortcode name.
. '(?![\\w-])' // Not followed by word character or hyphen.
. '(' // 3: Unroll the loop: Inside the opening shortcode tag.
. '[^\\]\\/]*' // Not a closing bracket or forward slash.
. '(?:'
. '\\/(?!\\])' // A forward slash not followed by a closing bracket.
. '[^\\]\\/]*' // Not a closing bracket or forward slash.
. ')*?'
. ')'
. '(?:'
. '(\\/)' // 4: Self closing tag...
. '\\]' // ...and closing bracket.
. '|'
. '\\]' // Closing bracket.
. '(?:'
. '(' // 5: Unroll the loop: Optionally, anything between the opening and closing shortcode tags.
. '[^\\[]*+' // Not an opening bracket.
. '(?:'
. '\\[(?!\\/\\2\\])' // An opening bracket not followed by the closing shortcode tag.
. '[^\\[]*+' // Not an opening bracket.
. ')*+'
. ')'
. '\\[\\/\\2\\]' // Closing shortcode tag.
. ')?'
. ')'
. '(\\]?)'; // 6: Optional second closing bracket for escaping shortcodes: [[tag]].
// phpcs:enable
}

/**
* Regular Expression callable for do_shortcode() for calling shortcode hook.
*
* @see get_shortcode_regex() for details of the match array contents.
*
* @since 2.5.0
* @access private
*
* @global array $shortcode_tags
*
* @param array $m {
* Regular expression match array.
*
* @type string $0 Entire matched shortcode text.
* @type string $1 Optional second opening bracket for escaping shortcodes.
* @type string $2 Shortcode name.
* @type string $3 Shortcode arguments list.
* @type string $4 Optional self closing slash.
* @type string $5 Content of a shortcode when it wraps some content.
* @type string $6 Optional second closing bracket for escaping shortcodes.
* }
* @return string Shortcode output.
*/
function do_shortcode_tag( $m ) {
global $shortcode_tags;

// Allow [[foo]] syntax for escaping a tag.
if ( '[' === $m[1] && ']' === $m[6] ) {
return substr( $m[0], 1, -1 );
}

$tag = $m[2];
$attr = shortcode_parse_atts( $m[3] );

if ( ! is_callable( $shortcode_tags[ $tag ] ) ) {
_doing_it_wrong(
__FUNCTION__,
/* translators: %s: Shortcode tag. */
sprintf( __( 'Attempting to parse a shortcode without a valid callback: %s' ), $tag ),
'4.3.0'
);
return $m[0];
}

/**
* Filters whether to call a shortcode callback.
*
* Returning a non-false value from filter will short-circuit the
* shortcode generation process, returning that value instead.
*
* @since 4.7.0
* @since 6.5.0 The `$attr` parameter is always an array.
*
* @param false|string $output Short-circuit return value. Either false or the value to replace the shortcode with.
* @param string $tag Shortcode name.
* @param array $attr Shortcode attributes array, can be empty if the original arguments string cannot be parsed.
* @param array $m Regular expression match array.
*/
$return = apply_filters( 'pre_do_shortcode_tag', false, $tag, $attr, $m );
if ( false !== $return ) {
return $return;
}

$content = isset( $m[5] ) ? $m[5] : null;

$output = $m[1] . call_user_func( $shortcode_tags[ $tag ], $attr, $content, $tag ) . $m[6];

/**
* Filters the output created by a shortcode callback.
*
* @since 4.7.0
* @since 6.5.0 The `$attr` parameter is always an array.
*
* @param string $output Shortcode output.
* @param string $tag Shortcode name.
* @param array $attr Shortcode attributes array, can be empty if the original arguments string cannot be parsed.
* @param array $m Regular expression match array.
*/
return apply_filters( 'do_shortcode_tag', $output, $tag, $attr, $m );
}

/**
* Searches only inside HTML elements for shortcodes and process them.
*
* Any [ or ] characters remaining inside elements will be HTML encoded
* to prevent interference with shortcodes that are outside the elements.
* Assumes $content processed by KSES already. Users with unfiltered_html
* capability may get unexpected output if angle braces are nested in tags.
*
* @since 4.2.3
*
* @param string $content Content to search for shortcodes.
* @param bool $ignore_html When true, all square braces inside elements will be encoded.
* @param array $tagnames List of shortcodes to find.
* @return string Content with shortcodes filtered out.
*/
function do_shortcodes_in_html_tags( $content, $ignore_html, $tagnames ) {
// Normalize entities in unfiltered HTML before adding placeholders.
$trans = array(
'[' => '[',
']' => ']',
);
$content = strtr( $content, $trans );
$trans = array(
'[' => '[',
']' => ']',
);

$pattern = get_shortcode_regex( $tagnames );
$textarr = wp_html_split( $content );

foreach ( $textarr as &$element ) {
if ( '' === $element || '<' !== $element[0] ) {
continue;
}

$noopen = ! str_contains( $element, '[' );
$noclose = ! str_contains( $element, ']' );
if ( $noopen || $noclose ) {
// This element does not contain shortcodes.
if ( $noopen xor $noclose ) {
// Need to encode stray '[' or ']' chars.
$element = strtr( $element, $trans );
}
continue;
}

if ( $ignore_html || str_starts_with( $element, '<!--' ) || str_starts_with( $element, '<![CDATA[' ) ) {
// Encode all '[' and ']' chars.
$element = strtr( $element, $trans );
continue;
}

$attributes = wp_kses_attr_parse( $element );
if ( false === $attributes ) {
// Some plugins are doing things like [name] <[email]>.
if ( 1 === preg_match( '%^<\s*\[\[?[^\[\]]+\]%', $element ) ) {
$element = preg_replace_callback( "/$pattern/", 'do_shortcode_tag', $element );
}

// Looks like we found some unexpected unfiltered HTML. Skipping it for confidence.
$element = strtr( $element, $trans );
continue;
}

// Get element name.
$front = array_shift( $attributes );
$back = array_pop( $attributes );
$matches = array();
preg_match( '%[a-zA-Z0-9]+%', $front, $matches );
$elname = $matches[0];

// Look for shortcodes in each attribute separately.
foreach ( $attributes as &$attr ) {
$open = strpos( $attr, '[' );
$close = strpos( $attr, ']' );
if ( false === $open || false === $close ) {
continue; // Go to next attribute. Square braces will be escaped at end of loop.
}
$double = strpos( $attr, '"' );
$single = strpos( $attr, "'" );
if ( ( false === $single || $open < $single ) && ( false === $double || $open < $double ) ) {
/*
* $attr like '[shortcode]' or 'name = [shortcode]' implies unfiltered_html.
* In this specific situation we assume KSES did not run because the input
* was written by an administrator, so we should avoid changing the output
* and we do not need to run KSES here.
*/
$attr = preg_replace_callback( "/$pattern/", 'do_shortcode_tag', $attr );
} else {
/*
* $attr like 'name = "[shortcode]"' or "name = '[shortcode]'".
* We do not know if $content was unfiltered. Assume KSES ran before shortcodes.
*/
$count = 0;
$new_attr = preg_replace_callback( "/$pattern/", 'do_shortcode_tag', $attr, -1, $count );
if ( $count > 0 ) {
// Sanitize the shortcode output using KSES.
$new_attr = wp_kses_one_attr( $new_attr, $elname );
if ( '' !== trim( $new_attr ) ) {
// The shortcode is safe to use now.
$attr = $new_attr;
}
}
}
}
$element = $front . implode( '', $attributes ) . $back;

// Now encode any remaining '[' or ']' chars.
$element = strtr( $element, $trans );
}

$content = implode( '', $textarr );

return $content;
}

/**
* Removes placeholders added by do_shortcodes_in_html_tags().
*
* @since 4.2.3
*
* @param string $content Content to search for placeholders.
* @return string Content with placeholders removed.
*/
function unescape_invalid_shortcodes( $content ) {
// Clean up entire string, avoids re-parsing HTML.
$trans = array(
'[' => '[',
']' => ']',
);

$content = strtr( $content, $trans );

return $content;
}

/**
* Retrieves the shortcode attributes regex.
*
* @since 4.4.0
*
* @return string The shortcode attribute regular expression.
*/
function get_shortcode_atts_regex() {
return '/([\w-]+)\s*=\s*"([^"]*)"(?:\s|$)|([\w-]+)\s*=\s*\'([^\']*)\'(?:\s|$)|([\w-]+)\s*=\s*([^\s\'"]+)(?:\s|$)|"([^"]*)"(?:\s|$)|\'([^\']*)\'(?:\s|$)|(\S+)(?:\s|$)/';
}

/**
* Retrieves all attributes from the shortcodes tag.
*
* The attributes list has the attribute name as the key and the value of the
* attribute as the value in the key/value pair. This allows for easier
* retrieval of the attributes, since all attributes have to be known.
*
* @since 2.5.0
* @since 6.5.0 The function now always returns an array,
* even if the original arguments string cannot be parsed or is empty.
*
* @param string $text Shortcode arguments list.
* @return array Array of attribute values keyed by attribute name.
* Returns empty array if there are no attributes
* or if the original arguments string cannot be parsed.
*/
function shortcode_parse_atts( $text ) {
$atts = array();
$pattern = get_shortcode_atts_regex();
$text = preg_replace( "/[\x{00a0}\x{200b}]+/u", ' ', $text );
if ( preg_match_all( $pattern, $text, $match, PREG_SET_ORDER ) ) {
foreach ( $match as $m ) {
if ( ! empty( $m[1] ) ) {
$atts[ strtolower( $m[1] ) ] = stripcslashes( $m[2] );
} elseif ( ! empty( $m[3] ) ) {
$atts[ strtolower( $m[3] ) ] = stripcslashes( $m[4] );
} elseif ( ! empty( $m[5] ) ) {
$atts[ strtolower( $m[5] ) ] = stripcslashes( $m[6] );
} elseif ( isset( $m[7] ) && strlen( $m[7] ) ) {
$atts[] = stripcslashes( $m[7] );
} elseif ( isset( $m[8] ) && strlen( $m[8] ) ) {
$atts[] = stripcslashes( $m[8] );
} elseif ( isset( $m[9] ) ) {
$atts[] = stripcslashes( $m[9] );
}
}

// Reject any unclosed HTML elements.
foreach ( $atts as &$value ) {
if ( str_contains( $value, '<' ) ) {
if ( 1 !== preg_match( '/^[^<]*+(?:<[^>]*+>[^<]*+)*+$/', $value ) ) {
$value = '';
}
}
}
}

return $atts;
}

/**
* Combines user attributes with known attributes and fill in defaults when needed.
*
* The pairs should be considered to be all of the attributes which are
* supported by the caller and given as a list. The returned attributes will
* only contain the attributes in the $pairs list.
*
* If the $atts list has unsupported attributes, then they will be ignored and
* removed from the final returned list.
*
* @since 2.5.0
*
* @param array $pairs Entire list of supported attributes and their defaults.
* @param array $atts User defined attributes in shortcode tag.
* @param string $shortcode Optional. The name of the shortcode, provided for context to enable filtering
* @return array Combined and filtered attribute list.
*/
function shortcode_atts( $pairs, $atts, $shortcode = '' ) {
$atts = (array) $atts;
$out = array();
foreach ( $pairs as $name => $default ) {
if ( array_key_exists( $name, $atts ) ) {
$out[ $name ] = $atts[ $name ];
} else {
$out[ $name ] = $default;
}
}

if ( $shortcode ) {
/**
* Filters shortcode attributes.
*
* If the third parameter of the shortcode_atts() function is present then this filter is available.
* The third parameter, $shortcode, is the name of the shortcode.
*
* @since 3.6.0
* @since 4.4.0 Added the `$shortcode` parameter.
*
* @param array $out The output array of shortcode attributes.
* @param array $pairs The supported attributes and their defaults.
* @param array $atts The user defined shortcode attributes.
* @param string $shortcode The shortcode name.
*/
$out = apply_filters( "shortcode_atts_{$shortcode}", $out, $pairs, $atts, $shortcode );
}

return $out;
}

/**
* Removes all shortcode tags from the given content.
*
* @since 2.5.0
*
* @global array $shortcode_tags
*
* @param string $content Content to remove shortcode tags.
* @return string Content without shortcode tags.
*/
function strip_shortcodes( $content ) {
global $shortcode_tags;

if ( ! str_contains( $content, '[' ) ) {
return $content;
}

if ( empty( $shortcode_tags ) || ! is_array( $shortcode_tags ) ) {
return $content;
}

// Find all registered tag names in $content.
preg_match_all( '@\[([^<>&/\[\]\x00-\x20=]++)@', $content, $matches );

$tags_to_remove = array_keys( $shortcode_tags );

/**
* Filters the list of shortcode tags to remove from the content.
*
* @since 4.7.0
*
* @param array $tags_to_remove Array of shortcode tags to remove.
* @param string $content Content shortcodes are being removed from.
*/
$tags_to_remove = apply_filters( 'strip_shortcodes_tagnames', $tags_to_remove, $content );

$tagnames = array_intersect( $tags_to_remove, $matches[1] );

if ( empty( $tagnames ) ) {
return $content;
}

$content = do_shortcodes_in_html_tags( $content, true, $tagnames );

$pattern = get_shortcode_regex( $tagnames );
$content = preg_replace_callback( "/$pattern/", 'strip_shortcode_tag', $content );

// Always restore square braces so we don't break things like <!--[if IE ]>.
$content = unescape_invalid_shortcodes( $content );

return $content;
}

/**
* Strips a shortcode tag based on RegEx matches against post content.
*
* @since 3.3.0
*
* @param array $m RegEx matches against post content.
* @return string|false The content stripped of the tag, otherwise false.
*/
function strip_shortcode_tag( $m ) {
// Allow [[foo]] syntax for escaping a tag.
if ( '[' === $m[1] && ']' === $m[6] ) {
return substr( $m[0], 1, -1 );
}

return $m[1] . $m[6];
}